Author Archives: daniel

Internal conflict

Things aren’t good when Windows gets so mixed up that different components start fighting with each other, and accusing each other of being security threats. Here we’ve got DEP shutting down Explorer:

DEP shuts down Windows Explorer

Fortunately, while just about everything else had crashed, Task Manager still worked, so I was able to run Paint.net and save this screendump.

For what it’s worth, I think an unstable non-MS EXE was what did the damage, so Windows isn’t entirely to blame. Still, I can’t help wondering if Linux has these kinds of issues.

All was well again after a reboot, natch.

This Is Broken is broken

This Is Broken used to be a terrific blog — simultaneously entertaining and educational (at least for those of us who have anything to do with building or implementing interfaces of any kind).

But now it’s broken. It’s all migrated into the Good Experience Blog, which might be okay in principle, but it dilutes all the Broken stuff that was the most fun. I don’t want to read job offers for North America. Nor am I particularly interested in many of the articles. And while you can view just the Broken articles on the web, there’s no RSS feed for just those posts.

(I’d leave a comment to this effect on the This Is Broken post that announced the change, but comments are closed. Which is also broken. Someone else left the same comment, anyway.)

So I’ve unsubscribed to the Good Experience RSS feed. There is a Flickr group that is still dedicated to broken stuff, though its attached RSS feed appears to link to an inactive discussion forum.

Why Facebook sucks

Now, I know there’s a lot to like about Facebook.

And I know the way it’s open to developers to fiddle about with it is part of its success.

But this in turn gives it usability problems. For example, I noted a video on my home page, shared by someone I know. It looked interesting.

Video on Facebook

So I click it.

It doesn’t play the video. Nuh uh. Because I’m new to Facebook, instead it shows me a scary security dialogue offering to add the Facebook Video application to my account. And because we all know these days to be very wary of security dialogues (they mean something bad might happen if I choose the wrong option, right?) I have to very carefully read all of it.

Facebook Video installation

WTF?! Five security options, an application description and a disclaimer and a link to the Platform Application Terms of Use, plus a link in case I’m Afraid of abuse by this application? I JUST WANT TO WATCH THE FREAKING VIDEO!

You don’t get this problem with YouTube. Well, not if you’re one of the 99%* of people who already have Flash installed. (Hey, Facebook Video uses Flash as well, as it happens.)

*This is a guess, though from memory it’s something like that.

Seriously, all this is too much information. (And it turns out the first option is compulsory for this application — if you decide to be ultra-careful and don’t say Yes, you can’t have Facebook Video.) For something which is not actually an infrastructure security issue (unless I’ve seriously misread how Facebook works, all this lives inside your browser; nothing’s coming down to be installed on your computer), but is more of a privacy issue, I’d argue that sensible hidden defaults, only shown if the user is interested, would be more suitable for this kind of thing.

Now, as to why you’d post video hidden away in the Facebook walled garden, rather than on YouTube where anybody can find it… I can only assume that you don’t want too many people to see it, that you’re being fussy — you only want your “friends” or a particular demographic watching. It’s a little counter-intuitive when for most, it’s hits/views that are what we’re looking for — the more the merrier.

I guess that’s why I’m a Facebook cynic in general.

Office 2007 title bars

I’ve ranted before about applications which decide to implement their own standards for colours. iTunes is the classic example. In order to make it look all cool and hip and skivvy-wearing-Apple-like, it has subtle shades of grey on the title bar to indicate (ha!) whether it’s active or inactive.

So I’ve been playing around with Office 2007, and now I find they’ve done the same damn thing.

Here is Word 2007 when it’s active.

Word 2007

And here it is when it’s inactive.

Word 2007

Actually, no, wait, I might have got those mixed up. Which is precisely my point.

WinXP’s default colour scheme gives me nice bold title bars, which clearly prompt me as to what’s got focus, and what hasn’t. Office 2007 overrides this, ignoring any preferences I might have set in Windows.

Digging around the Office 2007 help, and sure enough there is a way to change it. Well, almost. Well, not quite. Actually no, there isn’t. All they give you is the option of three different colour schemes: Blue (default, pictured above), silver (which is so close to blue it might as well be the same) and black.

Black, as it happens, gives the most contrast between active and inactive title bars. But it’s not only ugly, it also totally grates against every other window under the XP colour scheme. Do I have to change my XP colour scheme to be equally ugly just so I don’t have clashing window colours? The only benefit is it appears to almost match Media Player 11.

I know MS wanted to break the mould with Office 2007, to radically change the user interface. And I kinda like the big goofy buttons. But this bloody title bar thing is very, VERY irritating.

Anti-virus performance

Even if you avoid putting multitudes of security packages onto your computer, you need to be careful choosing what you do install. For now I’m going with Windows Firewall because it’s easy and cheap and seemingly fast. (Yeah I know it doesn’t block outbound connections.)

And anti-virus? Well I’m beginning to think, despite what I said last month, that CA AntiVirus may be helping to cause my Media Center problems. It’s also continuing to bug my kids (non-Admin users; and I plan to join them in that group) with pointless error messages.

Kaspersky gets a good rap from C/Net, so I’ve downloaded a trial version. I don’t have any hard data, but the machines already seem more responsive.

By the way, reading an APCMag anti-virus review (Feb 2007), it noted that Norton takes up over 300Mb of disk space! 300Mb?!? For anti-virus? That’s insane.

Protection rackets

Just how much PC security do you need?

Ryan Naraine notes that all the various protection software for Windows is getting out of hand: “Here’s a list of the products sitting on your machine, sucking valuable system resources under the guise of protecting you from hacker attacks: Anti-virus, anti-spyware, anti-rootkit, anti-spam, drive-by browser protection, etc., etc.”

I mean, the evils of viruses and other nasties are that they take your computer’s resources and waste them for their own purposes, depriving you of using them.

But anti-virus and other products do the same thing: they also take your computer’s resources and use them for their own purposes, and you pay for the privilege!

It’s like the over-zealous spam filter that zaps legitimate emails. The purpose of these products should be to make your life easier and save you time. If they slow everything down and make life hard, are they really worth the trouble?

How about some common-sense, appropriate security privileges for everyday computer use, and protection only for attacks that can arrive genuinely unannounced and without the user causing it?

Obviously you need some defence against stuff that can get in unannounced. Firewalls and virus scanning on emails and downloads would seem to be appropriate here, but I suspect anything else is going over the top.

(All this is assuming you don’t adopt Josh’s model and disconnect your Windows computer from the Net entirely. Few of us would be willing to make that sacrifice. The network is the computer.)

Spot the phish

McAfee have a great ten question quiz to challenge whether or not you can spot phishing sites. Give it a go. I got 9 out of 10.

Once you finish, it shows you the answers, and how to spot the fake sites.

Of course, one of the problems is that a prime indication of a fake site is awkward or badly phrased wording. This, unfortunately, is not limited to fake web sites. While it isn’t generally a trait of big corporate web sites, that have professionals working on them, there’s any number of smaller businesses that have badly designed, misspelt or awkwardly-worded sites.

In most cases, it’s careful inspection of the URL that will indicate for sure if you’re talking to the right people. Some of the quiz examples excluded this information, to make you look for other signs, which was good. But in practice all browsers should be displaying the URL. Some older versions don’t do this on popup windows and so on, which is a problem… you can see it by right-clicking and looking at the properties of the page, but most people wouldn’t remember to do this consistently.

Top games

Edge 100 best video games

For Aussies wanting to grab a copy, Edge’s 100 Best videogames of all time (air freight) has landed in newsagents (well, a few of the better ones), though all but one copy had been snapped up by the time I visited MagNation today at lunchtime, so you’ll have to be quick. Otherwise, you’ll have to wait a couple of months for the sea freight edition to arrive.

The release of the list of games made the news worldwide, with Legend of Zelda: Ocarina being awarded the top gong.

Meanwhile, GameTunnel has named the top 100 indie games of the last three years.

Web server certificate perils

The replacement of web server certs is easy in theory. You should be able to use the old cert request with the CA to simply get a renewal of the existing cert.

Should be able to. I found out to my peril this week that it doesn’t necessarily work that way.

Using a corporate Certificate Authority, the new certs were ready to go, so on Wednesday night I arranged to get Admin access to the Win2K servers to put them in. Alas I was running late and missed the window in which I’d been given access! A consequence of the facilities guys being a little too efficient, I suppose.

No matter: attempt two was made the following night. Following these steps to import the cert all worked fine. Then use the IIS config applet to replace the old cert. Done.

Except it didn’t work. Browsing to the server on HTTPS failed with the usual kind of useless browser error: it claimed a DNS error/server not found, which made no sense. Nothing in the IIS log that told me anything.

Talked to the CA guy the next day. Very puzzled. Any amount of inspecting the old and new certs showed nothing.

On a whim, I decided to start from scratch: re-generate the cert requests and get the certs re-done.

Somehow, it worked. Still don’t know why, but it did. Memo for next time: just do the extra requests; don’t try and take a shortcut by re-using the old ones.

Amusing aside: While talking to the contact in Facilities Management, my other phone beeped. It was the coin sound from Galaga. “Hey… isn’t that from Galaga?” Yep, well spotted!