InsanityWorks

The Programmer's Bill of Rights

2008-09-07T16:20:00.002+01:00

Having started my new job the first thing I did was sort out my work station arrangements. I had inherited a pretty decent P4 Dell PC, not bleeding edge but certainly fast enough. But it had only a single 19" TFT, so on my first day I cheekily requested a second screen and to their credit they said yes! This was a set up I adopted at my last employer and had found it such a boost to productivity (I am not sure they thought so, but that is another story!)

Browsing around the web today (it is raining, thundering etc outside) and I found this entry, posted a few years ago on the Coding Horror Blog, it is a non-serious bill or rights for programmers - multiple screens, fast computers, choice of keyboard and mice, comfy chair and quiet environment. Pity I didn't find it when I was in my last job! :-)

The Last Hope Talks

2008-08-27T23:22:00.004+01:00

I have spent the last few days listening to some of the presentations and talks given at the Hacker On Planet Earth conference (HOPE) This year's event was probably going to be the last due to plans to demolish the venue in New York, hence the event tag "The Last HOPE" however it seems those plans may have changed.

The speakers are wide ranging, with interesting and thought provoking topics.

Some highlights are the talks by Kevin Mitnick, a 3 hour marathon talk by Steven Rambam about privacy and the lack of it and the ominous threats posed by new technologies such as Google, the iPhone and social networking sites, well worth a listen. Also Renderman's presentation "How Do I Pwn Thee? Let Me Count The Ways" highlights the security dangers of mobile technology.

Of special interest to me was Travis Goodspeed's "Introduction to MCU Firmware Analysis and Modification with MSP430static" the slides and information are available from Travis' website. In this talk Travis gives a wonderful account of the basic principals of reverse engineering.

All the talks are available here for free download in low and high quality versions.

SamKnows releases first broadband preformance report

2008-08-02T13:25:00.003+01:00

I posted back in May about ISP watchers SamKnows.com who launched a bid to discover the truth about the state of UK broadband by recruiting volunteers to install a monitoring device on their network, to collect performance data (the geographical distribution is shown above).

They have now released their first report, a 40 page pdf which can be downloaded here.

On page 2 of the report is the main summary

In the majority of metrics there was little discernable difference between most
ISPs;

Zen Internet offered the fewest failures across all metrics;
Virgin Media’s cable services and Be/O2’s services provided a consistently low latency throughout, whilst Virgin.Net (Virgin’s ADSL service) performed poorly.
BT provided the fastest throughput when measured as a percentage of implied line speed (an estimate of the potential maximum speed of the line)
Be/O2 and Virgin Media produced the greatest raw throughput (in megabits per second), which can likely be attributed to the nature of their products.
Virgin Media’s cable throughput remained consistent on their 2, 4 and 10Mbps products, but was quite variable on their 20Mbps product.
Testing highlighted the use of traffic shaping in the networks of BT and PlusNet, which resulted in certain classes of traffic slowing significantly during peak hours.

Being on the Virginmedia XL (20 Mbps package) I can confirm their results are pretty much what I have experienced.

Hackers attack DNS exploit, ISPs failing to update servers

2008-07-31T19:43:00.004+01:00

theregister.co.uk are reporting that many ISPs have still not acted up on the now infamous DNS security flaw and miscreants are actively exploiting the gaping hole in the internet's address lookup system that can cause millions of web surfers to receive counterfeit pages when they try to access online banking services and other types of websites.

many laggard internet service providers reported to be dragging their feet in applying patches that fix the devastating DNS flaw. Dan Kaminsky says more ISPs appear to be getting the message. Last week, about 51 per cent of unique name servers tested on his site (see the "check my DNS" button to the right) showed up as vulnerable. Now, he says it's closer to 35 percent.

Test your own ISP here.

If it still fails then you can always update your settings to use OpenDNS

dynamicDemand

2008-07-24T08:30:00.003+01:00

Discovered this brilliant website which has a meter which attempts to monitor the power balance of the UK electricity grid. If the needle is too far to the left, it means more generation is needed to meet demand.

The meter actually shows the grid's "frequency", which is related to the speed of rotation of generators all over the country. When there is too little power available, the whole grid "slows down" and the needle moves to the left.

Now resisting the temptation of running around the house turning appliances on/off in an attempt to affect the meter!

Citizen Engineer

2008-07-23T16:38:00.002+01:00

Citizen Engineer is a new online video series about open source hardware, electronics, art and hacking by Limor (Ladyada) Fried of Adafruit Industries & Phillip (pt) Torrone of MAKE magazine.

From hackszine.com

Quite an interesting video, some oddity with the sound mixing but an enjoyable 30 minutes

xkcd.com - Security Holes

2008-05-18T23:02:00.002+01:00

Follow on from my last post the wonderful xkcd.com has a humorous take on the whole matter

Debian/Ubuntu: Serious OpenSSL/SSH vulnerability

2008-05-16T06:55:00.004+01:00

Back in September 2006 a line of code was removed from the Debian distributed OpenSSL package. The reason? That one line of code was responsible for causing an uninitialized data warning in Valgrind, the linux based programming tool used for memory debugging, memory leak detection, and profiling, by removing it the error went away!

Unfortunately that one line of code also seeded the random number generator used by OpenSSL, so as a result the keyspace used by affected systems went from 2^1024 to about 2^15.

Secure Sockets Layer (SSL), and the newer Transport Layer Security (TLS) are the cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, instant messaging and other data transfers. There are slight differences between SSL and TLS, but they are essentially the same.

The problem is when creating a encryption key with the affected version of OpenSSH, there are only 32,767 possible outcomes for a given architecture, key size, and key type (as opposed to the intended 1.79769 × 10³⁰⁸), leaving it wide open to attack.

A large majority of Debian and Ubuntu systems are affected. To correct the problem, users need to not only update OpenSSL, but also revoke and replace any cryptographic keys and certificates that were generated on the affected systems. From the Debian security advisory:

Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Keys generated with GnuPG or GNUTLS are not affected, though.

For most people this affects the SSH server's host key and any public key pairs used for remote SSH authentication. However it is a more of a headache for people with web servers as any keys or certificates generated on the affected machines for SSL/Https use also need to be revoked and regenerated.

There is a lot to think about here. I have worked with many software developers and have noticed that many have this natural tendency to want to fix and re engineer things that aren't even broken. (I am guilty of it myself)

This stems from an engineer's weird desire to make sense of thing, by taking something apart and putting it back together is a common way to increases familiarity and understanding of the machine, engine or indeed the code they are working on. But it hard to restrict the tendency is to try and make 'improvements'.

More discussion of the problem here
Debian OpenSSL Predictable PRNG Toys

Security flaw turns Gmail into spam open-relay server

2008-05-13T10:10:00.004+01:00

A recently-discovered flaw in Google's very popular email service is capable of turning Gmail into an effective spam machine. According to the Information Security Research Team (INSERT) the flaw allows a spammer to send thousands of bulk e-mails through Google's servers without fear of detection. This attack bypasses both Google's identity fraud protection mechanisms and the current 500-address limit on bulk e-mail.

The worry is not just that the flaw allows spammers to send a potentially unlimited number of messages, it is also the trustworthiness given Gmail by other e-mail providers could exacerbate any potential spam attack.

Spam currently accounts for 95 percent of all e-mail traffic and many e-mail providers have adopted whitelists and blacklists as a first line of defence against the flood. An e-mail from a known spamming domain (or the corresponding IP address block) may be automatically blocked by any given e-mail service, while an e-mail from a trusted, authenticated source such as Gmail is automatically allowed through the gateway.

Most e-mail providers use multi-level filtering services, which might detect that the forged Gmail message is spam, but the message will have cleared a substantial hurdle that would have otherwise stopped it. Messages originating from Google, it seems are well-regarded by both Yahoo and Hotmail. The INSERT team tested the degree of trust between the three major e-mail providers by sending spam messages to Yahoo and Hotmail using two sources. In the first test, messages were sent from personal systems whose IP addresses had been blacklisted by Yahoo and Hotmail. The second test consisted of sending the exact same message via the Gmail flaw that INSERT discovered.

The difference was significant. E-mail sent to Yahoo and Hotmail from a blacklisted IP didn't even necessarily reach the account's spam box, while forged e-mail sent via Gmail always arrived. That is not to say that trusted-source filtering is bad, but it demonstrate how a security flaw in a single product or service can ripple through an ecosystem.

It is being reported the flaw is still present at the time of this post.

(credit to the Arstechnica report)

Radio Paradise Scrobbler

2008-05-08T21:17:00.002+01:00

Radio Paradise is one of my favourite Internet radio stations, whether I am listening to it via my PC or via my Logik IR100 Reciva based Internet radio.

Radio Paradise is a popular and pioneering Internet radio station that defines itself as "eclectic online rock radio". The channel differs from most FM channels and other Internet stations in that the music played is not limited to any specific genre but instead represents great variety, much like my own listening tastes. Radio Paradise mostly plays different styles of pop and rock music, but occasionally also everything from jazz to classical to electronic music and world music.

I also am an avid fan of last.fm the music community website and have been scrobbling my listening habits for 4 years now. The problem with listening to Internet radio is that media players plugins won't scrobbled the track information, even if it is supplied in the stream, enter build.last.fm which I posted about a while ago, this is a site where developers can post utilities and applications that utilise the last.fm API.

One of these applications is a Radio Paradise Scrobbler which makes use of the extensive playlist information readily available on the Radio Paradise website to add to your listening data. It works pretty well, the only criticism is that it doesn't actually know if you are actually listening to the tracks, this is done independently of the application using the media player of your choice, it seems to simply monitors the playlist for changes whilst running and posts the data. So you will need to remember to close it when you aren't listening.

Twitter expanding my Web2.0 world and a broken Facebook application

2008-05-08T08:00:00.006+01:00

I signed up to Twitter months ago (primarily to squat on the username!) and have never used it, to be honest I have not really seen the usefulness of it, pointless short messages along the lines of "The dog has just broken wind", "I have a headache" and " Did I just hear Hall and Oates singing "Locomotion"? That can't possibly be right ... can it?" (thanks to Wil Wheaton for the last one)

But I decided to give it a go, and of course in the spirit of Web2.0 decided to install the twitter application on my new Facebook page but it bombed out with page full of compiler debug code, a little investigation and it seems I am not the only new user experiencing the problem.

AJ Vaynerchuk posted about the problem five days ago and there is a discussion thread on Facebook full of "me too" posts, but as yet no response and no fix from either party.

Interestingly it coincides with a number of articles and programs I have recently read and listened too concerning the dangers of building a product and/or business model on the top of a platform over which you have no control. If that platform changes, fails or disappears then your are in trouble. While am sure this is more likely to be sloppy coding it is an interesting portent.

Listening to this week's BBC World Service program Digital Planet it had an interview with Jonathan Zittrain who has written a book called The Future of the Internet--And How to Stop It, the synopsis on Amazon.co.uk reads

In "The Future of the Internet: And How to Stop It", Jonathan Zittrain explores the dangers the internet faces if it fails to balance ever more tightly controlled technologies with the flow of innovation that has generated so much progress in the field of technology. Zittrain argues that today's technological market is dominated by two contrasting business models: the generative and the non-generative. The generative models - the PCs, Windows and Macs of this world - allow third parties to build upon and share through them. The non-generative model is more restricted; appliances such as the XBox, iPod and TomTom might work well, but the only entity that can change the way they operate is the vendor. If we want the internet to survive we need to change. People must wake up to the risk or we could lose everything.

On the Amazon.com website it has a slightly different synopsis

This extraordinary book explains the engine that has catapulted the Internet from backwater to ubiquity—and reveals that it is sputtering precisely because of its runaway success. With the unwitting help of its users, the generative Internet is on a path to a lock down, ending its cycle of innovation—and facilitating unsettling new kinds of control.

IPods, iPhones, Xboxes, and TiVos represent the first wave of Internet-centered products that can’t be easily modified by anyone except their vendors or selected partners. These “tethered appliances” have already been used in remarkable but little-known ways: car GPS systems have been reconfigured at the demand of law enforcement to eavesdrop on the occupants at all times, and digital video recorders have been ordered to self-destruct thanks to a lawsuit against the manufacturer thousands of miles away. New Web 2.0 platforms like Google mash-ups and Facebook are rightly touted—but their applications can be similarly monitored and eliminated from a central source. As tethered appliances and applications eclipse the PC, the very nature of the Internet—its “generatively,” or innovative character—is at risk.

It is an interesting observation and prophecy

Last.fm client has not been submitting tracks for days

2008-05-07T20:17:00.007+01:00

Just had a strange problem, the last.fm client has been merrily collating all the tracks I have listened to the last few days, but they haven't been showing up on my played list, the last tracks showing were submitted 5 days ago. The client updated itself this morning as well to version 1.5.0.24910

Checking the support forums it seems I haven't been the only one suffering this problem, and this posted solution seems a little strange but I can verify it worked, the official solutions that have been posted don't.

It appears that when the client is starting up (initiated by your media player starting) it doesn't always successfully connect to the servers correctly. If you click the Help and Check For Updates it reports an error about not being able to connect. Shut down the client and restart it and immediately it updates the list of the unsubmitted tracks. If you check for updates again, it will reports if it's up to date, or that it needs to update (this means the client is actually connecting to the server).

There definitely seems to a bug somewhere, and as it wasn't submitted tracks with the previous client it suggests a fault at the last.fm end.

My broadband speed tests

2008-05-07T10:20:00.003+01:00

Following on from my post about the SamKnows.com monitoring initiative, I decided to do a check on my broadband speed, firstly I used the very pretty graphical test at speedtest.net initially it chose a recommended server in Maidenhead and I only got a pathetic 9345Kbps download, switching to an alternative in London I got the following results (17397Kbps download and 703Kbps upload).

Next I check the speed test at Broadband-expert.co.uk and got the following (19.9Mbps download and 704 Kbps upload)

So seems my 20Mbps connection is preforming well.

On the broadband-expert.co.uk website it also has accumulated results (click speed test results button at bottom of screen) for most of the UK ISPs and my ISP VirginMedia seems to come out pretty well, despite the introduction of even more extreme and complicated traffic shaping schemes.

Bid to find the truth about broadband preformance

2008-05-07T09:54:00.003+01:00

ISP watchers SamKnows.com have launched a bid to discover the truth about the state of UK broadband by recruiting volunteers to install a monitoring device on their network, to collect reams of independent performance data.

They are aiming to attract 200 volunteers who'll be sent a free tweaked Linksys router (a WRT54GL) that will measure and report download speeds for HTTP and non-HTTP traffic, latency, packet loss, DNS response, and website loading times.

It comes as there is a sharp increase in consumer anger against ISPs over blatenty misleading marketing campaigns, opaque traffic management policies and low investment in infrastructure.

I have signed up, so wait to hear.

Secunia PSI - Personal Security Inspector

2008-05-01T16:42:00.002+01:00

Secunia is a respected Danish computer security service provider, one of their primary missions is to track vulnerabilities in software and provide security tools primarily for the corporate IT market.

In addition they also provide a free tool (for personal non-corporate use) called PSI - Personal Security Inspector.

PSI acts on a dangerous problem of vulnerabilities on auxiliary and add-on software. The problem of vulnerabilities in the Microsoft Windows operating system and Microsoft Office are tackled by the much improved Microsoft Update system. However what about all the other installed software which are prone to vulnerabilities? Software like Adobe Acrobat Reader, Flash, Java VM, Media players, compression utilities, third party browsers to name but a few.

Most vulnerabilities are triggered by malformed data files distributed across the internet and unless addressed can prove a real danger to the regular user. The problem is despite a lot of these programs having update systems built in it is easy to miss important updates and critical patches can be forgotten, leaving your system exposed.

PSI using a huge database from Secunia to verify your installed software and will indicate if they are insecure and have updates available.

I liked to think I kept my software updated, but after running the tool for the first time I was told I was only 92% secure there were around 15 programs that were running old insecure versions. I few updates later and I am up to 96%, there are still some programs that updates are not available for with know vulnerabilities, and some whose update process is so confusing and convoluted that updating is next to impossible (not helped by hideously unnavigable support websites, Yes Adobe/Macromedia I am looking at you!)

In my scan there were some expected culprits for being out of date, Adobe Flash, Acrobat Reader, Quicktime and Realplayer and others I was not aware of, such as VLC, 7-Zip and WinZip. It is easy is to have vulnerable software running on your computer. If you are not using anything to keep track of software updates, try PSI, you may be surprised. PSI does a good job on detecting software that needs to be updated, so I heartily recommend it.

There is a on-line version available but the installable client is much more capable. The scanning process is a bit resource intensive, so I would suggest you run it periodically (say once a week) rather than letting it permanently run, which is it's default setting.

OpenDNS

2008-05-01T08:28:00.002+01:00

My current ISP is VirginMedia née NTL née Diamond Cable and has generally been pretty reliable, what issues I have had with connectivity and browsing have often been DNS related.

Most people have experienced this problem at some time, you type in the website address and hit enter then there is a long delay before the website appears, or doesn't appear instead you get an error message. This is quite often the result of Domain Name System (DNS) problems, DNS is the system where the websites alphanumeric name (e.g www.virginmedia.com) is converted into the IP number (212.250.162.12) , effectively it's an internet phone book.

If that system is slow or fails either due to server load, or connectivity problems it creates a delay or failure when using the internet. Also like much of the original infrastructure of the internet DNS was not originally designed with security in mind, and thus has a number of security issues have occured, such as DNS Cache poisoning which has lead to phishing attacks. Because DNS works in the background the idea behind these attacks is to feed the browser an alternative IP address we redirects it to spoof and fake website, either in an attempt to introduce malware or to harvest personal information for ID fraud from the unsuspecting user.

In an attempt to offer a solution to these growing problems or reliability, speed and security David Ulevitch created OpenDNS in July 2006.

OpenDNS offers DNS resolution for consumers and businesses as an alternative to using their internet service provider's DNS servers. The system comprises of servers in strategic locations and employing a large cache of the domain names, the result is DNS queries are usually processed much more quickly, increasing page retrieval speed.

Other features of OpenDNS include a phishing filter and typo error correction (for example, typing wikipedia.og instead of wikipedia.org). By collecting a list of malicious sites, OpenDNS blocks access to these sites when a user tries to access them through their service. OpenDNS has also launched Phishtank, where computer users around the world can submit and review suspected phishing sites. OpenDNS can also be configured to limit access to adult related sites. Details of all the features on offer can be found here.

I have switched my network to OpenDNS, full instructions and HowTos are available on the site. It was painless and simple, browsing does seem quicker but I haven't used it long enough to really comment on the speed improvements but the ability to view statistics and lots of graphs is enough to convince me!

The Real Deal Podcast

2008-04-30T23:16:00.003+01:00

While reading the webware.com news feed I saw mention of a podcast about cloud computing produced by The Real Deal for the CNet.com network.

Cloud computing seems to be the latest buzzword/technology, I heard mention of it in the BBC Digital Planet podcast only yesterday. It is fairly amusing to hear some people referring to the similarity between this 'virtual/shared technology' and the old time-sharing mainframe systems of the 1970s. Further proof that things come in cycles, be it that they are slightly metamorphosed on each iteration.

But I digress, this podcast is a fresh of breath air and I've listened to a couple of other episodes and what strikes me is the simple, layman like explanations and enlightening discussions of all these new buzzwords and technologies. The presenters are Tom Merritt and Rafe Needleman, Rafe is also the editor of webware.com which is a pretty good synopsis of all that is new in the Web2.0 world.

The Web2.0 Bloat!

2008-04-30T20:09:00.002+01:00

Back in the early days of the interweb, when people used dial up modems, bloated large websites were frowned upon and the main criteria in their design was size and therefore speed.

Computers at that time were underpowered and would often fall over when confronted with graphic heavy sites and on-line video was often the preserve of the very wealthy who could afford the CPU, graphic card, memory and time for it to load!

Unfortunately as computers became more powerful, modems got quicker, telephone calls and ISP costs got cheaper there was a natural tendency for the page sizes to creep upward as graphics and multimedia were introduced. I am sure this was sometimes aggravated by spoiled designers with powerful machines at the end of leased lines or ISDN connection. The worst case of this was the completely unnecessary obligatory Adobe Flash 'please click to enter site' page which often took minutes to load.

Now as broadband becomes more prevalent the bloat has continued fuelled by the Web2.0 explosion. This bloat is often offset by the connection speed and the power of the computer. However I have noticed that on some of my older computers ( 1GHz of less, with modest memory and Windows 2000) that some sites now cause similar problems to the bad old days, unstable browsers, constant disk thrashing as the virtual memory systems struggles to cope leading to sluggish performance and navigation. I am sure that people still on dial-up have become increasingly disadvantaged.

Now research by WebsiteOptimization.com has put a figure on the flab as modern websites feed on their diet of Web2.0 lard.

The report states that the mean size of a web page has more than trebled since 2003 from 97.3KB to more than 312KB. The mean number of objects per page has meanwhile near-doubled from 25.7 to 49.9. The authors blame external objects for the majority of delays experienced by web browsers.

Last year saw websites really pack on the data poundage with widgets, gadgets, embedded video and other mashtastic tinsel (thanks to theregister report for that particular phrase). The average page swelled by more than 60KB to 312KB by the end of December and projections put next new year's figure at 385KB.

There's plenty of evidence in the report for the views of ISPs and other industry insiders claiming that the online video boom risks breaking the internet and net neutrality. The authors of the report claim that ten per cent of YouTube videos account for 80 per cent of streaming traffic, and use it to suggest that cached content delivery networks (as being considered by the BBC for iPlayer) are becoming an increasingly appealing proposition to improve performance.

Another interesting fact is that the increase in mean length of web video means more users are experiencing frustrations with re-buffering. According to the report, 87 % of web video streaming sessions are abandoned in the first ten seconds, but how much is due to that, or the fact that 87% of on-line video isn't worth watching?

Talking of the old days, I fondly remember getting a 14.4 modem running on Windows for Workgroups 3.11, which involved installing a third party WinSock (a TCP/IP protocol stack) Trumpet Winsock in my case!

When one blog isn't enough!

2008-04-28T13:45:00.001+01:00

I registered a Livejournal account a long time ago, but never used it and then blogger came along and was much more user friendly. But I reactivated it and have found a way of merging my other blogs in to it! More later, once I've discovered how the Facebook application BlogIT works!

Doing my duty - Malicious activity detection

2008-04-26T23:03:00.004+01:00

For several years I have been using a Linksys WRT54G V1.1 wireless router with the official firmware attached to my cable modem. It has a built in firewall but lacked any proper network intrusion detection system it did have a rudimentary log which could be accessed via the web-page interface but that was pretty much useless when trying to look for malicious activity such as denial of service attacks, port scans and attempts to crack into the network via vulnerabilities.

It always worried me as to what attempts were being made to get past the firewall on to my network. Some of my network PCs have software firewalls as a backup and alerts have been almost non-existent but it still nagged away. Last year I toyed with taking an old PC and creating a Smoothwall firewall, because of the logging and ability to install Snort but I really could justify the space and expensive of having another PC on 24/7.

As I posted yesterday I finally got the nerve up to install one of the numerous third party replacement firmwares for the router. Plumping for the Tomato variety!

One of the first things I noticed was the improved logging, which can be sent to an external PC running a monitoring/analysis program. In the wikibooks page it mentioned the WallWatcher software for Windows so I downloaded and installed it, configured the router and lo and behold I was getting information about all those Chinese TCP/IP packets bombarding my router!

I have now signed up and have installed the necessary client software to upload the logs to the SANS Institute Internet Storm Centre DShield system and myNetWatchman systems. These organisations use volunteers who submit their data to help detect problems and analyse threats, creating technical information and alerts to the general public.

The system works by having a network of hundreds or thousands of people from all over the world submitting information from their firewalls and intrusion detection systems about unwanted traffic arriving from the Internet. This data feeds the appropriate database where analysis is made looking for abnormal trends and behaviour. In the case of DShield the resulting analysis is posted to the ISC's main web page where it can be automatically retrieved by simple scripts or can be viewed in near real time by any Internet user.

I really feel like I am doing something good, and of course it is fairly geeky! These are the 'attacked' ports from today!

Tomato Firmware installed on my WRT54G

2008-04-24T14:55:00.004+01:00

Well I took the plunge and just installed it - will report as I discover any benefits/bugs.

I am hoping it will improve the reliability of my wireless connection to my XBox/XBMC setup, it's been a bit flaky lately.

Speeding up the NSLU2

2008-04-24T09:59:00.003+01:00

In my home network I have a small NAS (Network Attached Storage) solution consisting of a Linksys NSLU2 (Network Storage Link for USB 2.0 Disk Drives) and a number of attached external USB hard disks.

The NSLU2 or "SLUG" as it is often called runs Linux, as per the terms of the GNU General Public License Linksys were required to release their source code. Due to the availability of this code and the relatively low cost of the device, there are several community projects centered around it. Including a number of replacement firmware images available for the device. I have been tempted to use Unslung which is based on the official Linksys firmware with some improvements and features added, but have been wary about bricking it.

Despite it running the official firmware it has proved a reliable device and the attached drives are full of my music and video collection. However it has never been the speediest device, sometimes being sluggish(sic) to transfer across the network and the web-interface sometimes being painful slow to respond.

The device has two USB 2.0 ports for connecting hard disks and uses an ARM-compatible Intel XScale IXP420 CPU. The device includes 32 MB of SDRAM, and 8 MB of Flash memory. It also has a 100 megabit Ethernet network connection.

I have discovered that models manufactured prior to around April 2006, Linksys had, for an unknown reason, under-clocked the processor to 133MHz, though a simple hardware modification to remove this restriction is possible. Later models (circa. May 2006) are clocked at the rated speed of 266MHz.

Today I took the plunge and opened up the unit and removed the appropriate resistor. Full details on this page.

I can confirm that the device is indeed much speedier and responsive. Maybe I might just get around to trying out Unslung and installing Tomato firmware on my WRT54G.

BBC News - They broke my favourite website

2008-04-08T08:23:00.001+01:00

"Change for change sake", "If it ain't broke, then don't fix it" are all comments I've read about the new look BBC News website. The site adopted a new look at the start of the month and at first sight I hated it, and so did many others judging by the comments on the BBC Editors Blog. The old site design, which won awards and almost universal praise was a clean compact design and reminded me of reading a newspaper column. The new design was all spaced out had now had more white space than text and I found it difficult and almost unreadable.

To their credit and responding to comments the BBC have made minor tweaks to improve the look and feel. However one gripe I still have is many pages seem to render incorrectly in Firefox.

This is an example of a 'broken' page - it looks fine in Microsoft Internet Explorer

However in Firefox, odd things happen to the font sizes and alignment of text and pictures

While it may be something unique to my machine and/or is probably a simple fix I have seen it quite often on numerous pages.

One of the strengths of the old design was it seemed no matter what platform or browser you used (with the possible exception of lynx) it's compact size and simple design meant it always looked the same.

Apple Updater Acts Like Trojan

2008-03-22T15:26:00.003Z

I don't have an iPod and will never ever use iTunes, so much so I will resist installing it with my dying breath. I used an earlier version on a previous PC and it was a pile of "donkey's queer things" completely renaming my existing audio library and hogged resources.

I use Quicktime, but only because people will insist on using the proprietary mov format for videos, the Quicktime player is another bloated, slow and resource hungry program. So while Apple Mac advocates sing the praises of their machines and the software they run on them my experiences of Apple software on Windows has been disappointing.

For a long time the Apple website has dubiously implied that the installation of Quicktime required iTunes, the standalone Quicktime player being hidden away on the website. In addition, following a recent update to Quicktime (due to yet another security vunerability) my machine had become infected with the Apple Software Updater. I say infected because despite only having Quicktime installed it has for many weeks telling me to update iTunes and helpfully filling in the tickbox so should I not have be paying attention and select update I would have installed it.

This morning the updater had an additional item (and filled in tickbox) Safari, Apple's new web browser! Surely this amounts to spam and trojan activity by attempting to install software on a persons machine without their knowledge?

What is even worse is the marketing blurb you see in the updater

“Safari for Windows is the fastest and easiest-to-use web browser for the PC. It displays web pages faster than any other browser and is filled with innovative features — all delivered in an efficient and elegant user interface.”

But what it fails to mention are the ongoing worries about security risks on Safari, especially for people using Window operating systems.

Automatic software updaters are becoming the norm, with Windows and Firefox two prime examples, But the big difference here is that they only offer updates to what is already installed, rather than spamming users with unwanted software downloads. Of course advocates will claim Apple isn’t making you download anything, you can always say no, but how many people new to iTunes will blindly click ‘Install’, thinking it’s part of the essential program?

It seems to have inflamed a lot of people with blogs full of outrage. Mozilla's CEO John Lily has hit out at Apple's decision.

Interrupts hogging CPU use caused by UDMA drives reverting to PIO mode.

2008-03-22T05:01:00.006Z

I have experienced some on going problems with my Dell PC running XP being slow and unresponsive, as well as the hard disk problems [1][2][3].

Running the SysInternals utility Process Explorer I have noticed that it was indicating that "interrupts" were taking the majority of CPU load, and it seemed related to disk activity, when copying large files to and from USB drives for example. I did a quick google and discovered this post which identified the problem, which is related to way XP handles the DMA mode on ATA/ATAPI devices (article here and discussion here).

For repeated DMA errors. Windows XP will turn off DMA mode for a device after encountering certain errors during data transfer operations. If more that six DMA transfer timeouts occur, Windows will turn off DMA and use only PIO mode on that device.
In this case, the user cannot turn on DMA for this device. The only option for the user who wants to enable DMA mode is to uninstall and reinstall the device.
Windows XP downgrades the Ultra DMA transfer mode after receiving more than six CRC errors. Whenever possible, the operating system will step down one UDMA mode at a time (from UDMA mode 4 to UDMA mode 3, and so on).

Sure enough checking my machine the drives were switched to PIO mode.

To access this information use Settings->Control Panel->System->Hardware->Device Manager and then expanding the IDE ATA/ATAPI controllers

Double click them and under advanced settings you will see the transfer mode selected

If the current transfer mode is set as PIO rather then UDMA then the best thing to do is uninstall the driver and let XP reboot, this reinstalls the driver and resets the transfer mode. This works for SATA drives as well as they are still IDE drives.

I can't recommend the SysInternals Process Explorer utility enough and is a worthwhile replacement for Task Manager. The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Microsoft acquired Sysinternals in July, 2006. The site is full of useful utilities to help manage, troubleshoot and diagnose Windows systems and applications.