* Posts by Sabahattin Gucukoglu

77 publicly visible posts • joined 21 Feb 2007

Site news: Unique commenter handles coming

Sabahattin Gucukoglu

AC Ident Code

Any chance of being able to distinguish ACs using a unique serial number stamped on their cowardly foreheads? That way, at least the cowardly identity of the character behind the unique coward can be challenged by reference rather than timestamp. We can then do the usual searches against each coward, identify trends, heap them into a suspected terrorist database, etc. (You must, of course, be careful never to make connections between an AC and his non-AC person.)

Cheers,

Sabahattin

(Sebby is what people call me, if I'd known it was a handle it's what I'd've used when I first signed up.)

Google Wave - interwebs idealism in real-time

Sabahattin Gucukoglu

Wave Is A New Protocol

"But the thing to remember is that Google Wave isn't just an app. It's a protocol. Or at least it will be. The idea was to create a new communication paradigm that everyone will use."

Good luck with that one, chaps. There's a very good reason SMTP and email are where they are today: they're simple, and they're everywhere. If you think even the hold of the 'net that XMPP has is a metric for success, you've got a very long time indeed to wait until world domination is yours, and that assumes people really want it the Google way on more sites than just Google. And that's not to speculate on the kind of tow-dragging those condemning IPsec and IPv6 are capable of.

Yes indeed, Google, you've got a long fight ahead of you. Roll up them sleeves! Maybe you can do better than everybody else who complains that SMTP is 'Broken' and is 'Open to abuse', etc, but I doubt it. Well, if they can't, why should you? Perhaps Wave is wonderful. Or perhaps Google will be in denial before long. We'll see. In any case, I'll thank you kindly not to interfere with my use of Mutt for clear, speedy, concise communication.

Cheers,

Sabahattin

Amazon cloud welcomes airplanes of data

Sabahattin Gucukoglu

And Next ...

On-demand CD/DVD burning/pressing. You know, tell the web service the name of an ISO file and an address under your control to send it to in desired quantities, and bob's not your uncle. Could be great for direct-to-customer or personalised disc sale, specially if EC2 is used to autogenerate to S3 using a master and almost no bandwidth or in-house robotic fiddling.

The fine print: the above text is mine. All mine, I say. Amazon can have the idea, which I'll just nip off to the patent office to patent now, for the cost of a recordable CDR. I'm not in it for the money, you see, just the legal disestablishmentarianism.

Cheers,

Sabahattin

Amazon teaches cloud self-growth trick

Sabahattin Gucukoglu

Scale What?

I never understood what starting up more boxes could do for you. I mean, how can you benefit from having more boxes without IP and DNS-based load balancing? How can you coordinate things so your new units -- databases, web servers, etc -- are useful without doing an awful lot of messing about in the configuration of the whole? And even if you could, can you really spread database load and web server load without introducing the same DNS-based (and really quite unreliable) load balancing Amazon are finally offering here as real IP-layer solutions?

Somebody is just going to have to clue me in a bit. I just don't understand what use there is for automatic scaling. Sorry. :-)

Cheers,

Sabahattin

Curl taps Adobe RIA infrastructure

Sabahattin Gucukoglu

Curl

Nice utility. The web Swiss army knife for the command line. With a perl script and no dependencies you can use Amazon's "REST" APIs ...

Sorry.

Larry Wall on the Zen of Perl 6

Sabahattin Gucukoglu
Stop

The Magic of Perl

... is overrated. Really. I refuse to believe in a general-purpose language that makes my life as a student of that language terrible by making the mantra something like, "Believe me, I know what I'm doing, you feeble creature! It is okay and acceptable for there to be twenty different uses for every keyboard character and it is not shameful for each routine to be different according to how you use it!"

So I learned Tcl and still can't get over the beauty of it. You should, too - you'll soon understand why pragmatism isn't all there is to it, and will probably wonder why perl still exists for doing more than states/awk and sed do now but faster. Why, wasn't that why perl was invented? And don't you find Python/ruby/Tcl already doing it better? Pffft!

You should require about ten minutes to fully digest the Tcl(n) manpage. Then you should require about three minutes for each command. Then you should be able to write a general-purpose program. You will find Tcl more metamorphic than perl, as well as much more minimal and hacker-sane. In a few days you will be incredibly attractive to members of the opposite sex, as can be evidenced from the fact that I still don't have a girlfriend. :-)

Lest there be any question as to my awesome hacker potential: my MTA of choice is sendmail, and I write my very own line noise^h^h^h^h^h^h^h^h^h^hcf files.

So ner! :-P

Cheers,

Sabahattin

Nine in ten emails now spam

Sabahattin Gucukoglu

NAT Boxes Should Port 25 Block By Default

How about we get a load of NAT box makers to block port 25 by default? Saves the ISP and gives the customer choice. Just an idea I can't believe I haven't had before ... though ISPs should be taking more care. And anyway a load of WinDrone boxes are hooked straight into the net.

I need some more spam. Do you mind?

Readers, please leave this alone. Non-human harvesters only! Use this trap: erhi@yamta.org

There. Now, what will happen? When will I get my first spam?

Cheers,

Sabahattin

Any clouds in your sky?

Sabahattin Gucukoglu

Moving Personal Email

I need somewhere to put my domain's email, which is basically just me and for purely personal use. There's nothing critical - if my connection goes down (I rather doubt Google will ...) I can probably wait. I'm looking at Google Apps, which is quite exciting really. If it doesn't work, and I need my other services as well and can't compromise, I'll look into a Zen VM somewhere like the Spring Server(TM) dyndns.com now does.

I want "Cloud Computing" primarily because I think I have other things in life to do now besides worry about my aging Pentium-II Linux server. I don't want to be here when it breaks down. I'd sooner be without the anxiety which hurt the last time I had a couple of disk failures at bad times, and email is really quite important to me. It should still work whatever happens. Better to make it somebody else's problem as long as they get my money and I'm pleased, and I'll start worrying again when I'm employed or can take or want to take it back on again. And in the meantime I can do the moving ISP/house thing or whatever.

Cheers,

Sabahattin

PS: If you pay Google they guarantee you an SLA - it's £25/user/year (not counting aliases and mailing lists) (just a multi-destination alias, not a real Google group). There is a free offering. Start here:

http://www.google.com/a/

Sons of Macintosh - shaking the Apple family tree

Sabahattin Gucukoglu
Thumb Down

I Think You Should Know ...

Current MacBook and MacBook Pro no longer include overlay numeric keypad. It is the will and the way and the sin of the messiah to banish such a superficial inconsistency of symmetry (he did it because he wanted the MacBook keyboards looking just like the new wireless keyboards, apparently) into the furthest deepest darkest regions of the hereafter. Gone's the floppy and right-click in his image, and now the numlock and the numpad ... What's the world coming to?

So anyway, you can forget number-intensive tasks. Did Apple ever dig that? Some popular programs like ProTools equally struggle because of this, so watch out. Just so you know, in case you get stuck trying to use it, especially in Windows. I need a numpad for my screen readers ... There is none; you'll need an external keypad. Damnation!

I like my MacBook 13-inch PVC cover, but it's the OS I went for really. I'll not go on and on about what I find annoying, though there are some things I just can't believe even got through to market, because that's OT. But, I do think the price is worth badgering about. I'd hate the Apple Fanbois to think the hardware was somehow special, because it isn't. It works but it's not miraculous or blessed or anything like that, and you're paying a very handsome price for, well, the Apple Experience be that in software, integration, looks, whatever. As the article says though, you paid that price because you wanted those things.

Cheers,

Sabahattin

Still sending naked email? Get your protection here

Sabahattin Gucukoglu

Enable STARTTLS In Public-Facing MTAs

You should find that a number of hosts, especially M$ Exchange, are by default attempting STARTTLS against hosts they find it advertised on. So, if you run an MTA and happen to have a certificate in use likely to be trusted by M$'s highly-paying customers (I.E. the certificate issuers they've let into their OS) then go ahead and enable STARTTLS and present it. (Enabling STARTTLS without such a certificate isn't advised because you risk losing mail from such mailers - they'll try STARTTLS, fail, then bounce; other hosts may or may not yield to failed verifications, and many may include the lesser known certificate issuers like cacert.org where M$ do not.) That should facilitate transparent cross-border encryption and verification without end-user help.

Cheers,

Sabahattin

Microsoft's IE 8 puts giant web hole on notice

Sabahattin Gucukoglu
Stop

Hmm ...

Sounds like an oncoming flop to me.

If you're lumbered with IE, as alas I so often am, there's the option to turn JavaScript off for everything except links in the Security options. That should prevent the effects of JavaScript injection. Trust no-one. Who wants JavaScript when CSS is more often used for layout stuff nowadays anyway? Can't think of (m)any legitimate uses for it that aren't better served by less lazy webmasters.

Cheers,

Sabahattin

Apple skewered over missing DNS patch

Sabahattin Gucukoglu
Unhappy

Hmm...

Seems ISC aren't quite done yet with BIND. This was sent to bind-users (but not to bind-announce):

http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/289f1af6eb37b3d6/976c504aff5bba35#976c504aff5bba35

Cheers,

Sabahattin

Exploit code for Kaminsky DNS bug goes wild

Sabahattin Gucukoglu
Unhappy

Please!

Enough of the FUD, already. The flaw is no different to the many other hypothesised flaws against DNS implementations we've seen, with regard to the RNG; it's just that it's been exploited in a fairly clever way to achieve the same ends. It's media hype, plain and simple. Nothing changes the fact that non-vulnerable servers are non-vulnerable precisely because their authors and users gave two short craps about the security implications of bad PRNGs. Coincidentally, I just joined bind-users to ask a question about additional section data caching and so learned of this live exploit, because I don't like what I've found about RFC 2181 ranking by default in BIND of additional section response caching. Since this actually is very slightly relevant to this security problem, in that additional section caching is necessary for the exploit to work as it stands (it can be trivially improved to work around it though), I can't wait to get to the bottom of it. In the process, I found this gem in the BIND FAQ:

Q: Is there a bugzilla (or other tool) database that mere mortals can have (read-only) access to for bind?

A: No. The BIND 9 bug database is kept closed for a number of reasons. These include, but are not limited to, that the database contains proprietory information from people reporting bugs. The database has in the past and may in future contain unfixed bugs which are capable of bringing down most of the Internet's DNS infrastructure.

The release pages for each version contain up to date lists of bugs that have been fixed post release. That is as close as we can get to providing a bug database.

<Sigh.> First the Linux Kernel maintainers, and now the ISC. Seems nobody wants to be honest about security issues in their software. Of course, there's a real risk in exposing innocent people to real vulnerabilities without available patches; but if it's important to do full-disclosure, it's also important to do it properly and so using a bug database and treating security bugs like any old ordinary bug is very silly. Besides, does that make it right to do as has been done here - to pull wool over people's eyes? I wonder - how many of those servers would be resistant to the flaw, as compared to now, if Kaminsky and his cohorts had outed the flaw at the moment the patches became widely, generally available, as they have been, for immediate consumption? I'll put money that, even factoring in the laziest admins, the net would be safer than it is now. Panic and exploits, alas, make for an incomplacent admin. Incomplacent admins are valuable things. And detailed security announcements, complete with descriptions of affected software and the means by which the attacks are possible, make for happier ones, who very occasionally can and do apply workarounds while patches are not available.

There. I don't feel much better, but at least it's all out now.

Cheers,

Sabahattin

Vendors form alliance to fix DNS poisoning flaw

Sabahattin Gucukoglu
Unhappy

I Feel Betrayed

I like BIND, I really do. It's functional, multipurpose, adaptable and well-documented. A bit buggy, it's true, but it does what I want in the way I want in the way that no other nameserver I've tried (djbdns, MaraDNS) does. It's like Sendmail - not elegant, but lovely for its functionality and close to administrators' hearts. But to find that after all these years they still haven't figured out a way to generate different queries with unique IDs and source ports using a genuine cryptographically-secured RNG is just bloody ridiculous. Of course, it won't stop me from using BIND. Or Sendmail. Or thttpd (which has had a couple of low-profile flaws). I guess functionality and ease of administration *do* matter, however much you care about security - and I do care, certainly enough to keep it simple whenever I can (vsftpd, Dovecot, Dillon's Cron, OpenNTPD, etc).

Cheers,

Sabahattin
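An added example, not part of the post above and not BIND's code: a Python sketch of choosing the query ID and source port from a cryptographically secure RNG, with a small audit of the (source port, query ID) pairs seen leaving a resolver. The function names, the 1024-65535 port range and the sample observations are assumptions made for this illustration; the samples are constructed, not captured traffic.

```python
import math
import secrets

PORT_LOW, PORT_HIGH = 1024, 65535  # assumed usable source-port range


def pick_query_params():
    """Choose a fresh (source_port, query_id) pair from the OS CSPRNG."""
    port = PORT_LOW + secrets.randbelow(PORT_HIGH - PORT_LOW + 1)
    return port, secrets.randbelow(1 << 16)


def constant_step(values):
    """Return the step if the 16-bit values advance by one fixed amount, else None."""
    steps = {(b - a) & 0xFFFF for a, b in zip(values, values[1:])}
    return steps.pop() if len(steps) == 1 else None


def audit_outbound(observations):
    """Audit (source_port, query_id) pairs listed in the order they were sent.

    Returns (findings, bits). `bits` is an upper bound on what an off-path
    forger has to guess, assuming any field without a visible pattern is
    uniform over its full range. An empty findings list does not prove the
    generator is a CSPRNG; it only means these simple patterns are absent.
    """
    if len(observations) < 3:
        raise ValueError("need at least three observed queries")
    ports = [port for port, _ in observations]
    ids = [qid for _, qid in observations]
    findings = []
    bits = 0.0

    port_step = constant_step(ports)
    if port_step == 0:
        findings.append("fixed source port")
    elif port_step is not None:
        findings.append("source ports advance by a constant step")
    else:
        bits += math.log2(PORT_HIGH - PORT_LOW + 1)

    id_step = constant_step(ids)
    if id_step is not None:
        findings.append("query IDs advance by a constant step")
    else:
        bits += 16
    return findings, bits


# Constructed observations (not captured traffic).
SEQUENTIAL = [(32768, 4100 + n) for n in range(8)]      # one port, counting IDs
FIXED_PORT = [(53, qid) for qid in (0x9A31, 0x0C44, 0xE7F0, 0x51B2, 0x3D09)]

if __name__ == "__main__":
    randomised = [pick_query_params() for _ in range(64)]
    for label, sample in (("sequential", SEQUENTIAL),
                          ("fixed port", FIXED_PORT),
                          ("randomised", randomised)):
        findings, bits = audit_outbound(sample)
        print("%-10s at most %4.1f bits  %s" % (label, bits, findings or "no pattern found"))
```
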

Google plays musical chairs with affiliate ad networks

Sabahattin Gucukoglu

No Ads, Per Force!

I'm blind, and most ads don't include alts, hence get skipped with the touch of a key. And because I'm blind, I don't download images. And because I'm careful, I don't take no cookies from no-one unless approved first, do the same for javascript, and restrict ActiveX/Flash/etc to the trusted list. All of which means that the Internet stays mostly 1.0 for me. It's fast, too, and very peaceful, without popups I don't ask for, lots of noise from silly ads and terrible performance. I still allow bgsound and equivalent, because that's very occasionally cute. Meta refresh still accepted, too, because that's often used for more good than evil. The funny thing is that CSS is getting used more now that it's pretty much usable and the web is becoming more standards-focussed, so this setup even works in elinks! It's so nice to see new functionality actually *restore* interoperability, rather than take it away.

And The Register? Yeah, I've bought my merchandise already ...

Cheers,

Sabahattin

World economy group gives IPv6 big push

Sabahattin Gucukoglu

@ Ian Chard

Try http://ipv6.google.com/

Microsoft updates squash four critical bugs

Sabahattin Gucukoglu

XP SP3 Unaffected By Jet exploit

If you installed SP3 recently, you have this fix. The affected module was msjet40.dll v < 4.0.9505.0.

Cheers,

Sabahattin

Sun's 'Project Copy Linux' goes commercial

Sabahattin Gucukoglu
Stop

Re: More foolish from people who don't know

Mommycalled: "Solaris is SysVr4 based. Sun changed from a BSD based OS to SysVr4 around 1988, that's 20 years ago."

I wouldn't call Linux a BSD derivative (more like SysV), but it still owes a lot to BSD. Thanks for the heritage tip (I stand corrected), but my point is that Sun don't have to write everything to be famous. And that's what you think commercial companies can do exclusively. No, Sun are standing on the shoulders of giants. That doesn't mean their contributions aren't valuable or that they don't have great engineers, but many FOSS developers are very good (including those in BSD land who aimed for quality).

FTR: I use Linux on my server for various reasons (primarily, accessibility in textmode). NetBSD's hardware support still has a bit to be desired, but it works on my playboxes, both textmode and GUI, network or no. But OpenSolaris really *was* a mess the last time I looked, and I'm going to take special care not to look at it again until it runs on enough everyday desktop hardware. Like, you know, RTL8169 cards embedded on mainboards (yes, I know, but that doesn't change anything - it still didn't work). And all that aside, I have issue with Sun's oily friendliness towards the OSS world. I'll wait and see just how "Open" they mean by Open Source, and maybe then I'll reconsider. If Sun run OpenSolaris on opensolaris.org, for instance.

Mommycalled: "What's different between NetBSD kernel development team being an email away and the Solaris Kernel development team being an email away. Bzzt NOTHING. Besides I don't have to deal with Theo de Raadt"

Theo is OpenBSD, not NetBSD. And yes, while he does froth at the mouth a bit, his contributions can hardly be considered valueless.

There is *no* difference between the reachability of the kernel teams, silly! That was the point - one's free OSS and one's commercial OSS; both provide a complete core system and neither is a packager of outside stuff, at least not exclusively and in the sense that RedHat are. Don't you know how much NetBSD is putting into standards-conformance in their shiny new base system and tools? Don't you know that NetBSD tools are now in Apple userland? Silly, silly, silly!

"I guess releasing the Solaris source into the wild is nothing."

The licenses have to be agreeable and Sun has to *mean* what it says. Giving bits away gradually, keeping back premium features while exploiting the community, etc, etc, are not how you show your openness. It's like MySQL - the source is certainly there, but no commitment. It's not FOSS - not really. I know that's sort of nebulous, but Sun want to undo the hurt they've done others before they can be trusted. And as long as Linux has the real market leader, you'd be silly to deny that Sun craves a piece of the spotlight. OTOH, they're certainly doing their best, especially recently. But it's not always easy to say it's been about mutual benefit.

http://www.theregister.co.uk/2007/06/13/schwartz_v_torvalds/

Cheers,

Sabahattin

Sabahattin Gucukoglu
Stop

Misc

mommycalled: you must of course be aware that SunOS/[Open]Solaris is a BSD derivative with some big-iron features in it (some specific to Sun hardware). So do stop spreading the "Sun are original inventors" tripe. Thank you. If I wanted a BSD, I'd go look for one and spare myself the mess that OpenSolaris on X86 is right now. And it'd be free, fully-supported and rock solid too (my preference is NetBSD at the moment). And I'd still end up with an OS whose kernel team was a mailing list away, and who in turn are closely connected with the rest of the core team for an integrated OS (which Sun thinks is an exclusive for a commercial vendor even though companies like RedHat have their own developers to work on QA, distribution-specific patches, etc, etc, etc).

Cheers,

Sabahattin

ISP reporting network to pierce bandwidth smokescreens

Sabahattin Gucukoglu
Linux

Show us the source!

You can't, because the tests have to be secret? (They're using a modified Linksys router running on Linux.) Oh, very well. It wouldn't do to spoil your fun, I suppose, but do make sure you release the sources / describe the tools and methodology when the tests are over. I don't want to connect completely foreign hardware doing potentially strange stuff on my network, thanks. My own hand-built Linux router is already quite capable of doing all the monitoring in the world, and also keeps my network up. Unfortunately, though, the router also provides services from/to the net directly through the DSL modem inside, so testing on my network with this trick would never work. Pity! But I await the results anyway. They could be interesting.

Cheers,

Sabahattin

McAfee 'Hacker Safe' cert sheds more cred

Sabahattin Gucukoglu

@ Alistair Wall, Re: screen readers

It does indeed. Just checked with two popular Windows screen readers. Works in elinks (textmode on *nix) too. :-(

Of course, that's only a problem if you believe this ridiculous claim. Which I don't. Although I couldn't help digging into it, just in case I, er, missed anything.

I struggle to imagine a simple way of implementing this banner without using an image and static alt/title unless script were used, or a CGI, or something equally likely to cause grief to the performance-desiring webmaster. Web counters are often images, so we often don't get to read those, either.

Cheers,

Sabahattin

Penguin goes electronic

Sabahattin Gucukoglu

Hmm. I wonder ...

Is there any hope that this will open up more reading possibilities to print-challenged individuals? We can only hope, although given the currently abhorrent state of ebook DRM mechanisms out there, most of which rely on security through obscurity anyway, I'm given to be pessimistic. Still, the cost probably isn't quite such an issue if it's your only option, although I agree that selling both print and electronic versions at the same price is something of an insult.

Cheers,

Sabahattin

Comcast admits it can do the impossible

Sabahattin Gucukoglu
Unhappy

And when you've quite finished messing about ...

Do you think you could just spare the five minutes required to do outbound port 25 blocking from your customers by default? It's just, you know, that might be a really good start to cutting out wasted bandwidth, and then maybe you'd find yourself less needful of this data-damaging nonsense. And it'd help the world's spam volume, too. Go on, tech boys, you know you want to. Perhaps if you saw how obnoxious your marketing dept was, you'd see sense. This, for instance:

http://www.news.com/2102-1034_3-5218178.html?tag=st.util.print

Cheers,

Sabahattin

Russian serfs paid $3 a day to break CAPTCHAs

Sabahattin Gucukoglu
Happy

Wa wa wa ...

<rant>

Excellent. No more CAPTCHAs. No more freemail accounts, either. We all really, really miss those. Especially blind people, like me. Yeah, I really need them so I can trawl painfully slow-loading, graphic and ad-filled pages. We never wanted email redefined using the Web 2.0 paradigm, and here's why: it doesn't bloody work. No-one needs webmail outside of the ISP, and no-one need have anything but an ISP account if they don't run their own domain and/or mailer. And since protocols exist to do mail without the bloody web, no-one has any excuse. Portblocking becomes less useful, as does filtering on SMTP client behaviour, though, which is less good. But SPF and co. suddenly gain usefulness and those of a selfish tone of mind may then quite effectively and correctly blast the offensive domains. ISPs suddenly need to take responsibility for their output relays as more and more freemails become blocked, assuming portblocking is employed at all (Comcast, are you listening, you self-satisfied reprobates?).

</rant>

Cheers,

Sabahattin

Unpatched RealPlayer bug paves way for drive-by downloads

Sabahattin Gucukoglu

Real Alternative

Of course, that simply includes the requisite bits of the Real Player necessary for actual playback. The ActiveX control is included, so this security hole affects Real Alternative users as well. I only use Real's codec for the BBC Listen Again feature, and then only through that pesky ActiveX control ...

Cheers,

Sabahattin

Rogue servers point users to impostor sites

Sabahattin Gucukoglu

Dangers of DNS

This article is just not helping my brains at all. How did the user get the malware in the first place such that their resolvers were subverted? Certainly, not through a nameserver - it would have to be some other way that the user was sent to get it first, from an "Address" running - what, a web server that is being referenced by other rogue DNS servers? Why on earth are bad DNS sites in any way needing to be recursive? And how many open hosts were real bad, and how many just weak and cache-corrupted for evil? And last of all, where did they get these impressive figures - scan of the entire net's nameservers for answers to the address lookups of the vast majority of known-scammed sites? Nope, I need the paper.

@Gordon Fecyk, re recursion: there's nothing wrong with recursion as such (some servers are deliberately configured to be open in spite of potential cache poisoning); like you say, you kinda need it. The rest of the world doesn't, though, so you'll have to somehow get your nameserver only to answer recursive queries from given netranges - those owned/operated by your clients. Running your own caches really is a very sensible thing to do, and is good to the net.

The reason recursion is a "Risk" has more to do with the fact that DNS is a stateless protocol running on UDP. It usually takes just one UDP packet in both directions from query source to nameserver and back to get a recursive DNS query answered (and that's in total if the server need not chase up). Apart from the obvious fact that you don't want anyone that doesn't need your resources to get the benefits of your caches' RAM/CPU when you're following the recursion every time you get asked about places you've never heard about, opening recursion to everyone means giving a potential bad person the ability to cause your nameserver to make outbound queries whose results will be cached on the attacker's demand. (He may, in fact, be able to do this already, for instance by connecting to a service that does RDNS checks or sending mail so that an MX lookup is performed as part of the antispam check, but at least he usually can't make too much out of that when his goal is taking over your web browser.) Obviously, his idea is that you take the word of authority from the attacker as response to your nameserver's question, not data from the legitimately authoritative host, and then cache it for a suitably lengthy time (the time to cache the record is in the TTL field of the record the attacker forged, rather helpfully). If your attacker is on the same physical network as your nameserver, he can simply race a response to its queries before the genuine response gets in. And he can answer on behalf of your nameserver when it is queried from outside - so he can replace your web pages and take your incoming mail. 
If the attacker is not on your network, weaknesses in the randomness of certain aspects of generated packets (IP source port and query ID) can be learned by experimentation of an attacker - perhaps by making your nameserver query one under his control - and the suitable response to a malicious query (one for which the attacker actually wants you to cache bad data) anticipated and forged in the genuine server's address (this is much, much harder though; the patches for BIND were fixing exactly this kind of weakness - namely, by copying better code from BIND 8 into BIND 9).

In summary: best not allow recursion when not necessary. It really makes sense. For local attackers, it's just asking for trouble - not that they haven't got other, much more result-giving alternatives to try (ARP spoof ...) in case that doesn't work. But if your nameserver is isolated somewhere near a border, attackers are still possibly able to do bad things - fill up your RAM and maybe poison you.

I know it was barely English, but I hope that helped!

Cheers,

Sabahattin
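An added example, not part of the post above: a Python check a nameserver operator can run from an address outside the client netranges to see whether the server still offers recursion there. The `probe` helper, the result labels and the sample replies are assumptions made for this illustration; the replies are constructed, not captured traffic.

```python
import secrets
import socket
import struct

QR = 0x8000  # header flag: this packet is a response
RD = 0x0100  # recursion desired, set by the client
RA = 0x0080  # recursion available, set by the server
REFUSED = 5  # RCODE a server returns when policy denies the query


def build_query(name, txid, qtype=1):
    """Build a DNS query for `name` (type A by default) with RD set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def classify_response(packet, txid):
    """Classify a reply to a recursive query by its header flags and RCODE."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", packet[:4])
    if rid != txid or not flags & QR:
        raise ValueError("not a response to this query")
    if flags & 0x000F == REFUSED:
        return "refused"            # policy denies this client outright
    if flags & RA:
        return "recursion-offered"  # server will chase answers for this client
    return "no-recursion"           # referral, authoritative or cached data only


def probe(server, name, timeout=3.0):
    """Send one recursive query over UDP to a server you operate and classify the reply."""
    txid = secrets.randbelow(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((server, 53))  # connected socket drops replies from other hosts
        sock.send(build_query(name, txid))
        try:
            packet = sock.recv(4096)
        except socket.timeout:
            return "no-reply"
    return classify_response(packet, txid)


def constructed_response(query, ra, rcode, address=None):
    """Constructed sample reply (not captured traffic) echoing the question in `query`."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = QR | RD | (RA if ra else 0) | rcode
    body, ancount = query[12:], 0
    if address:
        # Name pointer to offset 12, type A, class IN, TTL 300, 4-byte RDATA.
        body += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes(address)
        ancount = 1
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + body


if __name__ == "__main__":
    q = build_query("example.com", 0x1234)
    samples = {
        "open to everyone": constructed_response(q, True, 0, (192, 0, 2, 1)),
        "restricted, refuses outsiders": constructed_response(q, False, REFUSED),
        "restricted, answers without recursing": constructed_response(q, False, 0),
    }
    for label, reply in samples.items():
        print("%-40s %s" % (label, classify_response(reply, 0x1234)))
```

Anything other than "recursion-offered" from an outside address is what a server limited to its clients' netranges should return; from inside those netranges the same check should report "recursion-offered".
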

Gatwick reduced to anarchy by 'computer glitch'

Sabahattin Gucukoglu
Alert

And now for the obligatory question ...

Which OS, damn it?

My vote's Windows, which to this day is impossible to configure to store UTC in the RTC. The driver goes through a stupid procedure to try and guesstimate UTC on startup from RTC local time and TZ setup, which is of course bloody stupid. Having said that my Windows box went back without a hitch.

Cheers,

Sabahattin

Microsoft will not appeal EU monopoly fine

Sabahattin Gucukoglu
Gates Horns

Re: Oh FFS !

Simon, the problem here is that the specifications themselves are royalty on claim of patents. That's the equivalent to, I don't know, charging you for the use of an RFC because it has some sort of company secret in it, but giving everyone who receives any code you write to implement that RFC safety and security and the permission to redistribute your code. I either have to use your code or pseudo-reverse-engineer it in order to derive the original specification, all because Microsoft weren't gracious enough to just do the right thing and give this away under terms suitable for use only by OSS developers (on which, as you say, there is in any case too much emphasis). I really don't see this as anything more than squeezing the last drop of cash out of the situation. Having said that I'll probably donate to the hat that supports the development of an open library for utilising these specifications for other projects' uses.

So yeah, while I'm happy with a bit of patent protection, the victory has more of a precedent rather than practical value, and I think we should watch out. For starters, the patents covered aren't even known!

Cheers,

Sabahattin

Sabahattin Gucukoglu
Unhappy

<Sigh>

No, nothing's new, is it? I'd really hoped, just then, that Microsoft did the right thing. But the docs aren't freely available because Microsoft has unstated patent applications covering it. Which means that anyone with a grain of honour in his soul will not trouble to implement this in OSS. Except those who have the money and who, like as not, are already in bed with M$. So reverse-engineering is still inevitable despite the availability of fully-specified interfaces you've got to sign your blood on and swear never to reveal to others.

Thanks a lot, EC! You've done very well for us all. :-(

Cheers,

Sabahattin

California court tilts towards mandating web accessibility

Sabahattin Gucukoglu

@ C, Re: Cases/Precedent

Petitions and lobbying aren't binding, no; so it's not surprising that it's often not effective at all. I'm sorry, but you must see this from the plaintiff's point of view - website providing potential independence for blind person for large retailer not accessible for what appears to be a reasonable amount of work in state providing for accommodation across the board. If the blind chap had his reasons for using that retailer, and there's no easy way to justify why the changes can't be made at non-impacting cost, then the case still has merit.

I did leave out whether the site really constitutes reasonable accommodation, and it's not something I can easily answer to, although the judge's remarks about using the site as a vector for planned shopping has some sense to it in my opinion as a frequent blind online shopper. I take your point, though, about potential abuses here. It is, as I say, somewhat inglorious a use of the legislation. It will be necessary to ensure that people are not financially impacted providing that a reasonable subset of disabilities are catered to for all visitors; something I think is more than possible with current W3C WAI and other guidelines and tools. But if I want to lobby someone, it's my local MP, and over here in Blighty we're pretty hard on the DDA requirements and penalties and, besides, pretty good to our less-capable citizens. Unless you're government - then your excuse for having dreadful website design is that you don't care.

"It's great that some random blind guy can now use Target's website. That is *totally* worth screwing over a nation of webmasters, subjecting Mom and Pop online shops to fines higher than their family income, and attorney fees for battling it out in Federal court with an AG from a state they have never dealt with."

Your comment was complete without this. I've addressed all of it, with one exception: yes, it is great that some random blind guy can use target.com. If you maintain that any side-effects of getting accessibility as far and wide as possible are implicitly deleterious, then we've got no hope whatsoever of making the web a reasonably fair medium for everyone, as it should be. The problem, of course, is that this is by far the biggest defense against legislation of this or any other sort that mandates reasonable accessibility, whether or not the legislation was suited to the task or not. And the current US legislation (like s508) is already getting quite good lip service as it is by less devoted organisations who take the absolutely most minimal approach possible to comply.

Cheers,

Sabahattin

Sabahattin Gucukoglu

Cor Blimey, Guvners

There's a load of stuff here I can't possibly respond to all of (though I would if I had time), but here's to some of the most promising oratory. Oh, and yes, I'm totally blind. Totally duff, do you hear? From birth, and it's congenital and sex-linked and the outcome isn't guaranteed to be fortunate provided I ever have a boy. It might not be blindness, that is.

I feel for everyone. We may not all have the same capabilities, but as humans we owe each other respect and ought to have the courage to conscientiously do as best we can to help others, rather than make impulsive decisions based on our hasty judgements. No matter how you feel for someone with a disability, it is almost certainly not nearly the pain and frustration they themselves feel in pressing situations. Trust me - I've had it from both sides. In that sense we are all equal, although I personally feel my disability to be quite the most trifling of many other more impairing. And although I agree there are those spoiled and immature enough to take advantage of their minority status (not helped by the way our state calculates its rewards for disabilities), there are many others who won't and don't deserve treatment as though they did.

Chris C:

"Don't get me wrong, I sympathize with disabled people, I really do. But why is it that everything needs to be created for the lowest common denominator (no offense intended)?"

First-rate sympathy, that. Go on like this and you'll get the Nightingale award for sure. Rest of your screed discarded off-hand as being basically flawed in light of obvious thinking, the cost of the net, the availability of standards, etc, as nobly pointed out by others. The "It's not my fault if you're duff" argument is not how to make people realise that others out there really do need help - yes, you will too, if you become disabled (to think otherwise is very ignorant of the issues at hand) and I hope for your sake that your chosen supreme being didn't hear you and you don't. I wouldn't wish it on anyone.

In response to Fran Taylor: Firefox works with Window-Eyes and JAWS. IE works with JAWS, Window-Eyes and Hal (the "Big three" screen readers). See also NVDA, an Open Source screen reader for Doze: http://www.nvda-project.org/ . Supports some DHTML elements in Mozzy's DOM. Hot stuff, that.

On Linux: in textmode, brltty (my favourite, braille terminal driver) works just fine with practically any current textmode browser/mail/newsreader (I use elinks), with the bonus that most mail/news/browsers have been modified to work in mainstream sources with the AT tools (cursor tracking, etc). Oh, the beauty of Open Source! Also, YASR (external) and Speakup (in-kernel) screen readers. Mozzy is less perfectly supported under Gnome with Orca, as is OpenOffice. But they're getting there. Orca, otherwise, runs superbly with Gnome, and work is underway to get the KDE ATSPI/ATK bridge worked up to allow Gnome AT to run with KDE interface. Includes support for terminal and the speech dispatcher supports software TTS. Ubuntu, furthermore, is live with accessibility - see here: https://help.ubuntu.com/community/Accessibility

OSX: Tiger is accompanied by Voiceover, which works alright with Safari, though not superbly. Leopard will apparently have a better screen reader in it with some revolutionary features, and has the bonus of having some genuine blind-person's feedback (first release was a bit, y'know, experimental).

And, what the hell, something on a slightly related note: AGRIP, http://www.agrip.org.uk/

(See? We don't all just sit around here on our arses whining! No, we sit around here on our arses playing deathmatches! :-) )

Yes, the W3C's validation tools encourage you to check for the WAI elements. Use them! Oh, and keep a couple of testers of varying kinds on hand. It shouldn't be hard, of course, because you developed your site perfectly the first time round ... didn't you? No, there are no excuses. Sorry. The tools, the specs, the knowledge - they're all free. Testers accumulate every which place, like on mailing lists. Ask around. Don't use crappy elements for no reason, like heavy javascript and mindless flashy Flash in core functionality. All that's left for you to source is a bit of commitment. There's no reason at all you can't make your site enjoyable to everyone.

Ole Juul: totally agree with you here; graphical elements are taking precedence when they should not. Give everyone a command-line shell, like in the good old days! Bring back gopher and FTP and Archie! :-) Seriously though, do give thought to the lonely man with the 80x25 terminal, or the poor sod without any net access at all but only a proprietary mail interface in a tight spot, for he is smarter than you are. :-) I think the web was a nice use to put those frail new desktop GUIs to back then, but it's gone way too far. The web isn't just about document retrieval anymore, and the platform-neutrality that was taken for granted back then has gone. Perhaps the "Semantic web" will change this in future, but somehow I don't see it happening - people are obsessed with HTTP and HTML and XHTML and all that stuff and use it for things it just isn't bloody well designed for. But I digress.

Cases and precedent: I hate to say it, but making a fuss does have the useful effect of causing people to take note and draws attention to the issues, even if it is a little bit inglorious. Many successful lobbyings have taken quite significant effort of amassment by blind individuals, and there've been quite a few petitions and such just to make the point, mostly for insensitive corporate monoliths (there were ones recently for Google and Hotmail). Where the money is, the sense isn't. On that footing, a court case is a welcome change. By contrast, the little guys are often quite ready to put the devs on the frontlines to make their portals/whatever accessible. (Elreg, BTW, is great.) Obviously many institutions are legally required (banks/telecoms/etc) by DDA, but even so there's been quite a lot of recommendation for those that cater especially well. Anyway, I think the positive aspects of this case significantly outweigh any ill-will directed at prosecution for giving any appearance of arrogance.

Right, think that's it.

Cheers,

Sabahattin

Currency launched to cover the cosmos

Sabahattin Gucukoglu

How Many QUIDS ...

to the Zorkmid?

And as someone else points out, quids are just fine representing the Limeyian pound, thanks so much. And Red dwarf, in any case, sees the currency of space as the dollarpound, reflecting a distinctly allied west. I suppose we can be grateful these clumsy coins aren't exchangeable for Turkish Lira, in any event. (Situation has drastically improved in Turkey both due to strong adoption of the Euro [gugh] and to the New Turkish Lira which is essentially just a million times stronger than an approximate equivalence in "Old" Lira.)

@Ian: coins aren't a problem to a blind person provided they're actually distinguishable in some way. Size is a usable measure but not preferable. Texture is nicer. British currency is very good there. In the US there is still a lot of rather ineffectual fuss being made over the fact that different denominations of note aren't distinguishable without using a mark reader, but even there there's a chance the unit won't get it right. Over here (UK), you can do it just measuring notes against the finger, with practice, or use a small measuring gauge, because the change in widths across the notes is quite distinctive enough.

Cheers,

Sabahattin

Message storm turns DHS email list into social networking utility

Sabahattin Gucukoglu

Re: That's a real beginner's mistake...

Couldn't possibly agree more. To add insult to injury, most mailing-list managers have some sort of graphical administration tool (be it by web or by GUI). A few clicks, surely, is all it would've taken to put it right. Although it should've been right from the start.

Re aliases: it's damned tempting, for sure, to use aliases rather than intermediate mailing-list managers. Most MTAs even make this easy (for instance sendmail using owner-list and list to control returned mail and membership). The real advantage is speed; the MTA can optimise bulk deliveries. The disadvantage is practically everything else - filtering of any kind, moderation, MIME part stripping, bounce handling (although you could still have a custom robot for that purpose, it would be harder to use). Most obviously it means user management of subscriptions is nontrivial. Depending on mailing-list manager, speed may be impaired (those using VERP, for instance, where envelope sender is varied uniquely per recipient so that bounce handling becomes straightforward). Others do it right, though - they accept the message, then call the MTA to send en masse after doing filtering.

Ah well, guess sysadmins don't come cheap over there.

Cheers,

Sabahattin

Open source development goes Mac-tastic

Sabahattin Gucukoglu

POSIX

Apple are borrowing quite a bit from NetBSD for the top-level tools in Darwin (I.E., the bottom half of OSX). NetBSD is decidedly excellent in the POSIX conformance thing, so I suspect Apple have made a few more shameless grabs...

Cheers,

Sabahattin

Microsoft shouts 'Long Live XP'

Sabahattin Gucukoglu

Vista

People who observe RAM usage: this is normal and it's due to M$'s new and improved memory manager. (Improved is, of course, an entirely subjective term, and this opinion is that of Microsoft.)

You can summarise Vista thusly: XP with new flash to make you feel good about buying it but for no other reason, and some (though not nearly as many as there should be) low-level improvements. If you turn the flash off, you're left with XP that has some features it should/could've had five years ago, or perhaps even 2000 should've had. You notice how every future version of Windows now has GUI elements for configuring new features added in the last? At last, Vista allows you to tune (reasonably) the TCP/IP stack. Likewise, XP let you configure the time service added in 2000. Linux, on the other hand, is all low-level and no GUI (okay, yeah, but let's be fair to the great unwashed here). Linux has had stuff Vista is only just developing ages ago, with all that wonderful reliability to boot (accelerated networking, better threads/scheduling, IPv6, etc).

You can't downgrade without an existing license to XP - you have to install XP with a key you already own and then activate over the phone. Laborious and just the thing to guarantee you don't bother.

As for hardware prices going down because of Vista - well, that's just great! More for Linux, and to be used wisely!

Cheers,

Sabahattin

Adopt this dog or we'll kill it

Sabahattin Gucukoglu

Don't go mad ...

All they want you to realise is that animals have to die because the overpopulation hasn't got anywhere to go but into the loving hands of shelters. This simply means that if you want a cat or a dog, find your perfect companion at a shelter! You don't need to worsen the situation by paying money for a young pedigree/near-generation breed of animal and you can still be happy.

This just makes me glad to continue recommending animal homes to future pet owners. So far I don't think I've ever heard anyone let down. My stray cat certainly couldn't be a healthier and more lovable animal to keep. One would think the expenditure of keeping these animals would be enough to convince people to consider taking an admittedly small portion - the cost of the animal - out of it!

Cheers,

Sabahattin

Adobe gifts internal file permissions to unwashed masses

Sabahattin Gucukoglu

Couple of things ...

I think you mean "Traversal", not "Transversal". It's a directory traversal attack, because you're using relative paths (EG ../../../etc/passwd) to traverse the filesystem while avoiding most of the common checks done by software to see that they're not being abused (EG paths don't begin with a '/' in order to detect if a filename is given). Even when checks are in place to attempt the resolution of pathnames, they're not always sufficient - see, for instance, the Microsoft Unicode double-escape directory traversal attack in IIS.

The other issue is considerably more serious, though: what in the name of sodding bloody buggering hell is the webserver doing with access to a key file that ought to be root-owned and that the server ought to have read into memory before dropping the hell away from superuser privileges and certainly before even thinking about accepting queries over the network?

Cheers,

Sabahattin
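The traversal described in the comment above, as an added example that is not part of the original post: the weak "does not begin with '/'" check next to a check that decodes once, resolves the final path and verifies it is still inside the document root. The function names, the `htdocs` layout, the rejection of nested percent-encoding (a conservative policy choice) and the sample requests are all assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

# Constructed sample requests; "../../../etc/passwd" is the form quoted in the comment.
SAMPLE_REQUESTS = [
    "index.html",
    "/index.html",
    "../../../etc/passwd",
    "..%2fserver.key",      # separator percent-encoded once
    "..%252fserver.key",    # percent sign itself encoded (double escape)
    "link.key",             # symlink inside the root pointing outside it
]


def naive_is_safe(requested: str) -> bool:
    """The insufficient check: only absolute paths are refused."""
    return not requested.startswith("/")


def resolve_under_root(root: str, requested: str) -> str:
    """Return the canonical path for `requested`, or raise PermissionError
    if the path that would actually be opened lies outside `root`."""
    decoded = unquote(requested)
    # Policy choice (assumption): refuse anything still encoded after one
    # decode, so no later layer can decode it into something unchecked.
    if unquote(decoded) != decoded:
        raise PermissionError("nested percent-encoding")
    if "\x00" in decoded:
        raise PermissionError("NUL byte in path")
    decoded = decoded.replace("\\", "/")  # treat both separators alike

    root_real = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks, so the containment test
    # runs on the same path the open() call would use.
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError("path escapes document root")
    return candidate


def check(root: str, requested: str) -> str:
    """Verdict of the hardened check as a string."""
    try:
        resolve_under_root(root, requested)
        return "allow"
    except PermissionError:
        return "deny"


def demo() -> dict:
    """Build a throwaway tree and compare both checks on each sample request."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "htdocs")
        os.mkdir(root)
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("hello")
        # A constructed "key file" that lives outside the document root.
        key_path = os.path.join(base, "server.key")
        with open(key_path, "w") as fh:
            fh.write("constructed secret")
        os.symlink(key_path, os.path.join(root, "link.key"))
        return {
            req: (naive_is_safe(req), check(root, req))
            for req in SAMPLE_REQUESTS
        }


if __name__ == "__main__":
    for req, (naive, hardened) in demo().items():
        print(f"{req!r:26} naive_ok={naive!s:5} hardened={hardened}")
```

The naive check passes every relative form, including the symlink, while the resolved-path check refuses all of them and still serves `/index.html` from inside the root.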

Allot intros big bandwidth shaper

Sabahattin Gucukoglu

Mark My Words

It's going to go wrong. Terribly, terribly wrong. Giving ISPs more of a leverage than they already have to squeeze the life out of small businesses and competitors ... it's a mistake. If an ISP/whatever can buy and actively use such technology and feel good about it, there's something wrong with its management. There has to be, because they would do better to advocate improving their networks and the networks of those around them for everyone's benefit and to support the use of standards to ease the problems of end-to-end QoS (I know, like a lot of the net, there will be those who abuse that too, but we have to think of the people for whom the net is built and they make up most of it, so we just improve implementations to support a more secure design and thereby putting the issue in the hands of the people). On the other hand, the technology companies are making a handsome profit from what they know is a lucrative market and a controversial issue while happily skirting around the touchy issues involved (don't you just love the bit about tracking individual users?).

Tip: ISPs that treat their customers like third-rate citizens *do not* get my vote. If I find you traffic shaping/blocking/limiting or transparent proxying without prominent notice to would-be customers (no, terms and conditions are not enough - you must publish the fact that you manage your resources using these methods and make your customers understand that you think it's a good idea for their sakes), I shall at once condemn you and your customers to my best sneer. I will also make no uncertain remarks about the issue if I get someone asking me what ISP to go for. Although I don't like it, I'm less worried about ISPs who call their service plans "Unlimited" providing there is no enforceable cap (some do, some don't). I still recommend you don't call your plan unlimited though unless you're damned sure every one of your customers - even the greedy bastards who're on and loading all the time and who don't keep much-needed information/downloads/etc offline - will not reach any cap, either policy or technical.

Cheers,

Sabahattin

EC competition commissioner slams US dissing

Sabahattin Gucukoglu

Alternative (Non-US) Root Nameservers

http://www.orsn.org/

Based in Europe, principally; the only US server is being run by, of all people, Paul Vixie. Great service, sensible policy: track ICANN unless they go bad, in which case stop tracking ICANN. Yours for the princely sum of exactly zero of your chosen currency. :-) To get going, download the root hints and set up as a hint zone for "." in your nameserver, or you can patch/configure your nameserver software to get that effect. I've got djbdns and bind nameservers to use it just fine.

Cheers,

Sabahattin

Adobe captures ebook standard. What now?

Sabahattin Gucukoglu

Speech Synthesis

Adobe reader has support for the use of SAPI for synthesised text output, provided the book/PDF exposes the textual data and grants the right (say, could that be what Adobe means by "Permission to read aloud"?). For publishers paranoid about text copying, we - the blind users - have a little war to wage against the publishers, whilst the screen reader vendors work with Adobe to make the reader work just well enough to be usable. Oh, the joys; the unadulterated pleasures of it all.

Speech synthesis, I think, is something you get used to. I'm blind and use it all the time, and I've heard pretty much all synthetic variations from the 30s onward. Perhaps, rather than using concatenated elements, you should look into formant-based synthesis by rule? It's more unnatural (more computer-sounding), but much more agreeably consistent. The inflection is really there, carried by punctuation, and the synthesisers do their best to make things sound smooth and responsive. ScanSoft now owns most of the best commercial synthesisers. There's a heavy license tag on them, though, for use by licensees who, in the AT market, rub a bit off on the end-victim. Then there's Fonix, whose latest generation is a mix using samples and DSP for a minimal footprint - a runtime for Linux can be had at $30. Open Source is available, quite good in cases and mostly in the by-rule category. Festival, which uses diphones and sounds not bad-ish, was once truly open; it seems to have become dubiously licensed since. But ESpeak, FreeTTS and Flite are still in evidence, and have their approvers (flite being, in essence, a fast-performing festival - until recently, anyway).

Human-sounding? Try http://www.nextup.com/ for all that's best in synthesis for use by the easily-impressed great unwashed. Go on, surprise yourselves. You'll pay for your sin with large disk space requirements.

I've read Project Gutenberg (I *love* Project Gutenberg! Check them out at gutenberg.org ) from Shakespeare through JKJ through Crompton using TTS. I think I've been most impressed by ScanSoft Eloquence's rendition of As You Like It. It's just amazing. And beautiful. Synthesisers that make you concentrate too hard on their output (I.E., those not blessed with very intelligent exception dictionaries, grammatical processing and with huge gobs of diphone data at high-quality rates using a less-than-average blessing of emphasis rules for a big bite of CPU) are just hideous to use for anything serious. These are, I think, what you really want in a narrator for your EBook though, and what humans not needing synthesis in an assistive market think of as somehow necessary. It isn't that you don't need a better synthesiser, it's just that you're already hard-put-on to get anything more human-sounding onto your desktop computer. Surprising though how many people can listen to and learn Eloquence (rule-based) in little more than a few minutes before understanding it flawlessly, clearly and consistently. Hmm. If you can take the stereotypical robot-sounding voice, you'll soon master it and love the privileges it brings you.

Cheers,

Sabahattin

Microsoft thanks EU after losing its appeal

Sabahattin Gucukoglu

No, Come On

Microsoft could never dare to pull out of Europe. What's worse, after all - a quick slap on the wrist or three or the loss of consumer, OEM/wholesale and contracted licenses in all of Europe?

Cheers,

Sabahattin

The importance of 'whole journey' email encryption

Sabahattin Gucukoglu

The Standards Are Here

... so use them. X.509 certificates, TLS (extensions defined/used for all protocols: HTTP/SMTP/POP/IMAP), S/MIME or PGP (your choice; OE has always supported S/MIME). Simple configuration changes, group policies, etc etc. should make it possible to ensure all communications are required to be not only encrypted but sent/received by trusted hosts. Then there's PGP, of course - PGP can take lots of money from you in exchange for their serverside integrated stuff for sending between hosts, assuming intercorporate X509 relationships don't exist for use of SMTP TLS extension over the net between intercorporate hosts. Whatever, it's all there. Just think carefully and put someone who understands in charge. Oh, and do try not to leave anything too sensitive on a Windows box if you expect it to be raided and taken to bits, as the game is over for you then.

Cheers,

Sabahattin

Next generation BBC iPlayer gets MS man on board

Sabahattin Gucukoglu

DRM? Microsoft influence? Hmm ...

Nope, it cannot be. At http://www.bbcshop.com/ , one can now *buy* - yep, that's right - *buy* Microsoft WMP10+, DRM-Encumbered audio/video. As opposed, you know, to buying the equivalent stuff on CD, tape, DVD, video, etc. You need certain system requirements, their download manager, WMP10 with Unique ID on ... I didn't hit the button at the checkout. I lacked the nerve. Cleared my order; paid double for a CD. I shall wait for my CD and rip it, thus getting me what I wanted (a Dr Who story, matter of fact) in the right and honourable flac at just the right quality for me - f***ing perfect.

Corruption from Microsoft? No, it must be something else. Hell, even if it'd been MP3, I'd take it. But I draw the line when the BBC employs needless M$ technology at my expense to give me my license to *my* copy of *my* favourite audio on a string the BBC can give a little tug and revoke my right to listen to. Sick. Will the fanboys please smell the f***ing coffee?

Cheers,

Sabahattin

PC superstore unhinged by Linux

Sabahattin Gucukoglu

Dodgy Practices

I had a custom-speced Mesh laptop, a real powerhouse and paperweight combined. When its display got a bit too loose for comfort, I sent it in (under warranty, of course) with a prepackaged mobile AMD that I asked for them to install. Sure enough, they called me up to give me a long list of what wasn't wrong with it in frighteningly graphic detail (I don't think the guy was a tech but he'd obviously been reading a script because it almost sounded like complete nonsense, although I'm not in hardware and don't know nearly enough about the internals of these boards in these things but I did do as much research with the motherboard's documentation as possible and it didn't fit - among other things he'd given me the wrong spec for the RAM) and he told me that I could either pay £600 for the repair, £120 for a return delivery including the dismantled machine or just let them bung it on the heap for destruction. At the time it was my fastest machine, so I was a bit torn. I gave it a bit of thought, called back an hour later convinced (after talking to a few more knowledgeable friends of mine, some of whom had seen the monstrosity in question) that I was clearly being ripped off, and told the attractive-sounding lady to kindly tell her manager to stuff my laptop where monkeys shove bad nuts. I will, of course, never buy from Mesh again. I know they're quite well-renowned for their quite-alright desktops, but they've already brewed their hatred in me for them and for all companies like them and for all the employees who care more for their pockets than customer satisfaction. A pity, because the smaller shops and one-man ventures never seem to get the publicity they deserve for doing just that, and not finding any excuse to quit on the job for pay at any opportunity. I think PC World is the worst example of that nowadays, although ironically my best machine, my server of Vintage Linux class C98 era, is working to this day in fine form.
I also know Mesh have been investigated for this practice, so I'm clearly not wrong about it. Between times, I have in my area seen competent guys just doing their thing and doing it well for me and at good rates, and now my desktops get the occasional service they need from people I can trust. And now, apart from the crappy quality of today's hard disks, I'm happy with the desktops of three distinct ages sitting atop my desk connected to a KVM and giving me power beyond my wildest dreams. Well, alright, my second wildest dreams ... ;-) I still don't know who to trust in the making of laptops, though. If Dell is quality, do I have to talk to their technical support at all? I don't think I'll do custom-made again ...

Cheers,

Sabahattin

Sabahattin Gucukoglu

Dodgy Practices, Continued

Forgot to mention: yep, Linux and Windoze represented, with a spare that has partitions ready and waiting to host both. Amd64 (awaiting something again), Pentium IV, Pentium II. You've got just one guess which of these machines runs Linux exclusively. Tip: it's a server. A server made by PC World. :-)

And isn't it funny how many anonymous postings this thread has managed to accumulate? :-)

Cheers,

Sabahattin

Sony loses privacy complaint over Unfit Kids

Sabahattin Gucukoglu

Righteous Human Straws

Please kindly learn a thing or two about genetics and metabolism. It isn't all obesity due to overeating (although I agree that's a highly common cause and/or contribution). People naturally fat (and once again, there's nothing wrong with that!) can find it very, very hard to stay at safe weights. It really doesn't help when people spread the media-induced, idealised image of young, strong and - above all - fit and slim children growing up to become the bewildering stereotypical attractive personage. It's something that really got to me as a kid (but heh, they were no match for the nettles), and I'd really expect people of the readership to know better than to make such a silly assumption. Of course I think parents have a duty to watch over their kids' diets, but a more worrying question might be to wonder how the little children got so obsessed with all those yummy sweets/chocolates/chips/crisps/etc in the first place. I know I was guilty then, but I'll never understand it now as I'm hardly ever tempted by the bad stuff nowadays and my weight is fairly constant.

Sure you'd guessed, but I'm an unlucky bastard. Born short and plump, destined to die short and plump. Do watch my weight though as best I can, do try to stay off the temptations, but short and plump is sadly in the family line on my mother's side. I have at various times achieved remarkable feats of weight loss through sporting activities that I've enjoyed, but on the whole I'm an idle idol (although I do, and more people should, take frequent breaks and move about inside or outside to relieve themselves of the tedium and give yourself a bit of exercise - I myself have a strange habit of pacing that most people can't see is just something I must do in order to even concentrate). I'm nearly twenty-five but consider my muscles more than adequate - adequate, combined with my weight, for the useful purpose of shattering a few tiresomely stiff doors, anyway. :-) Like a lot of people, I'm still getting rid of the weight I put on at the discos at uni. I have since sworn never, ever, ever to touch alcohol ever again (yeah right).

Cheers,

Sabahattin

Firefox hits 400m download milestone

Sabahattin Gucukoglu

Re: When IE Fails...

You can't install a version of IE from the mainline on an OS that integrates IE at that same version or better. So, IE6 on 2000 is mainline and can be removed/repaired (provided you don't trash your undo info, which you can do). On XP, IE6 is integrated, so IE7 behaves much like IE6 on 2000. You can always use the downloader program to fetch the installers for IE (the iexsetup.exe takes command-line switches) but you can't use the installer on operating systems that already include that version or above of IE.

This is all explained in hideously incomprehensible detail in some M$KB somewhere that I once read a long, long time ago while trying to prefetch IE6 for 2000 for bunging on a CD.

And Firefox? Yay!

Cheers,

Sabahattin

Microsoft serves light fare on Patch Tuesday

Sabahattin Gucukoglu

Re: MS Agent patch isn't just for techies

Only if you're on 2000 because the ActiveX control is from a different development line. I think it's fair to say that 2000 users will be techies, especially now that M$ are quite effectively forcing every new hopeful Windows punter to avoid the goodness and go straight for the bloat with just enough temptation to make it worthwhile. I, like our reporter, only had the Malicious Software Removal Tool to (well, not exactly - it just runs the check and sets a regkey to prove it's done it) install on XP.

Cheers,

Sabahattin

ISPs turn blind eye to million-machine malware monster

Sabahattin Gucukoglu

Port 25

What we need is port 25 blocking by default by the ISPs as their own exception to otherwise perfect pipe provisioning, with the clear option to turn this off (quick call to customer services, could even be automated using a ringback to the customer's number taken from records). In any event, the filtering, together with ingress filtering, should be done where it's going to make the most sense, at the ISP's sprawl.

BTW: yes, I'll be the first to turn off that block as I run my own MTA and with good reason. I paid for network access, which means I get to choose how I route my email and DNS. If I want to do that myself, then so be it - for those admins who disagree, you're just encouraging another subtle form of net discrimination (read: treating your customers as shit, and second-rate shit at that).

Cheers,

Sabahattin

Feds tell (other) feds to kill net neutrality

Sabahattin Gucukoglu

Upstream QoS Works Wonders

... so why in the name of bloody buggering hell aren't more people using it? You know - send your ACKs first, prioritise HTTP/SMTP/whatever-other-noninteractive above P2P/bittorrent/other outgoing and beneath VoIP/etc? Ever heard of the DSCP, various congestion control algorithms, RSVP? I've never understood why so much standardisation work to solve precisely these problems that can be implemented on most networks simply never gets a look in, or, indeed, why Skype doesn't set the DSCP on outgoing packets for the benefit of those who'll listen so I can actually test them (even if it's technically only half the solution in that it only controls your upstream packet queue it is likely going to have a great effect on which packets come back at you and in roughly which order). You can really make your connection feel great even when it's clearly under absolute saturation. You don't need ISP cooperation and you certainly don't need to pay money for it. You can achieve wonderful results just with some tweaks on your jerry-rigged router-cum-server. Go on, put a Linux/BSD box in front of your main link. Pffft. Oh, and just because I feel like a flame or two, M$ worshippers can note that QoS in Windows is, as always, outside of end-user control and that, as such, you're stuffed.

As for me: I see better potential in upgrading infrastructure than in any amount of service-side net non-neutrality. And despite what's been said here, I *do* think it's almost bound to go bad if ISPs are let even further off the hook. I guess that makes me a net neutrality fan in most people's eyes, but that doesn't mean I'm not in disagreement with the fact that the net needs a makeover so that it isn't bound for a slow death because of near-permanent congestion without any shaping. But we shouldn't use packet prioritisation at the upstream, we should really start by beating the spineless Ofcom into letting BT conquer the land with superfast IP infrastructure everywhere which everyone else can then happily borrow to increase the actual available bandwidth (you know, the bandwidth my ISP happily charges me £x.xx a month for theoretically perpetual use of) instead of relying on the shit that is wet string copper running backwards technology like DSL. Urgh. If you do have LLU then by all means go for it, but we have to have a change. I know I don't want some snot-nosed teenagers determining the fate of my net connection to be selectively throttled downstream just because they're the ones sharing crap and I'm not or, more likely, I'm seeding a Linux distro ISO or three. So I don't care for non-neutrality; I'd much rather the net just fell over and push for improving the infrastructure if the public really needs a wakeup call while the router manufacturers resolutely fail to add basic QoS functionality (I know a few are now, in particular Linksys - now Cisco). Perhaps the iPlayer will do it? I haven't tried checking, but I'm quite sure that my average monthly consumption probably makes my bill look positively scandalous. In such a case, maybe PAYG in the meantime?

Cheers,

Sabahattin
