ms_katonic mentions that Microsoft have added a little bonus to the .NET framework via Windows Update. It's a Firefox extension that enables the use of Microsoft's technology. Others have been talking about this for some time, but that was the first I heard of it.

So, what's the damage?

Well, obviously a lot of people are concerned that Microsoft would install an addon of any nature without asking. To my mind that's somewhat rude of them, but not atypical of the Windows desktop, which often feels like a battleground for warring corporate interests anyway. There's a certain amount of panic over the fact that OMG you can't uninstall it, but really that's more of a limitation of Firefox - any addon installed system-wide gets its "Uninstall" button greyed out (cf. the "Ubuntu Firefox modifications" and many others). However, Microsoft could certainly have made the uninstall process easier.

But that's not really the point - the point is, how dangerous is ClickOnce? Which really boils down to: is it sandboxed? Well, yes and no. Wikipedia says "ClickOnce employs CAS (Code Access Security) to ensure that system functions cannot be called by a ClickOnce application from the web, ensuring the security of data and the client system in general.". That's a sandbox, this is not ActiveX, so we're fine, right?

Looking a little deeper though, the picture is more worrying. Yes, there's a sandbox, but it's perfectly possible for an application to request privilege elevation, all the way to the user's privilege level - the user will just be prompted with a single dialog. For reference, here's the dialog for a signed application which requires no privilege escalation and just wants to add itself to the Start Menu, and here's the dialog for an unsigned application which requires privilege escalation in order to add your machine to a botnet.

In case you're having trouble telling them apart, the difference is in the shape of the icon in the lower left hand corner.

The trouble is, there's a large segment of the population for whom either dialog may as well say "If you want to tech the tech, you need to tech the tech with the teching tech tech. Tech the tech? Yes / No". And they have the right to expect their machine won't get compromised either, especially after that nice friend or family member installed Firefox for them and told them they were now safe.

So yeah, remove the addon if you're running Windows. But by being the sort of person who removes the addon, you're pretty much the sort of person who's perfectly safe with it installed. Ah well.
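
As an added example (not part of the original post, and not Microsoft's code): a small triage script that reads a ClickOnce application manifest and reports whether it requests unrestricted permissions and whether it carries a signature element, the two properties that separate the dialogs described above. The sample manifests are constructed and trimmed, and `triage` and its risk labels are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:schemas-microsoft-com:asm.v2",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HEAD = ('<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" '
        'xmlns="urn:schemas-microsoft-com:asm.v2">'
        '<trustInfo><security><applicationRequestMinimum>')
TAIL = ('<defaultAssemblyRequest permissionSetReference="Custom"/>'
        '</applicationRequestMinimum></security></trustInfo>')
# Constructed sample 1: partial trust, Signature element present.
SANDBOXED_SIGNED = (HEAD +
    '<PermissionSet ID="Custom" class="System.Security.PermissionSet" version="1">'
    '<IPermission class="System.Security.Permissions.FileDialogPermission" '
    'version="1" Access="Open"/></PermissionSet>' + TAIL +
    '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo/></Signature>'
    '</asmv1:assembly>')
# Constructed sample 2: unrestricted (full trust) request, no signature.
FULLTRUST_UNSIGNED = (HEAD +
    '<PermissionSet ID="Custom" class="System.Security.PermissionSet" '
    'version="1" Unrestricted="true"/>' + TAIL + '</asmv1:assembly>')

def triage(manifest_xml):
    """Summarise the trust a ClickOnce application manifest asks for."""
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("DTD/entity declarations refused")  # avoid entity expansion
    root = ET.fromstring(manifest_xml)
    # Presence only: the signature is NOT cryptographically verified here.
    signed = root.find("ds:Signature", NS) is not None
    full_trust, permissions = None, []
    req = root.find(".//a:trustInfo/a:security/a:applicationRequestMinimum", NS)
    if req is not None:
        ref = req.find("a:defaultAssemblyRequest", NS)
        ref_id = ref.get("permissionSetReference") if ref is not None else None
        for pset in req.findall("a:PermissionSet", NS):
            if ref_id is None or pset.get("ID") == ref_id:
                full_trust = pset.get("Unrestricted", "false").lower() == "true"
                permissions = [p.get("class") for p in pset.findall("a:IPermission", NS)]
                break
    if full_trust is None:
        risk = "unknown"      # no trust request found: inspect by hand
    elif not full_trust:
        risk = "sandboxed"    # request is limited to the listed permissions
    else:
        risk = "elevated" if signed else "high"
    return {"signed": signed, "full_trust": full_trust,
            "permissions": permissions, "risk": risk}

if __name__ == "__main__":
    for name in ("SANDBOXED_SIGNED", "FULLTRUST_UNSIGNED"):
        print(name, triage(globals()[name]))
```
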
A couple of days ago someone gifted me an LJ paid account extension. Thank you whoever you are, but if you're at all able to let me *know* who you are, I would really appreciate it. Don't feel you need to comment, just send me a mail.
Please comment if you would like any of the following and are prepared to take them away:
  • Mission m73 floorstanding stereo speakers (large!)
  • Gale centre speaker
  • Hauppauge NOVA-T PCI freeview card (Windows disks lost, works great with Linux / MythTV)
  • Generic 17 inch TFT monitor (1280x1024, VGA only)
Please please please only comment if you are actually prepared to actually come here and actually take the item. I don't want to be "reserving" things for people for six months, I am trying to get rid of them. That is the point.

So, I now have a cron job which backs up trishpiglet's and my LJ twice a week.

Just one thought: all these backup tools produce different file formats don't they?
The first tranche of my pictures are up here.

I'm still trying to contact some people to get permission to post pictures of them, so more will probably be added. In particular, if you are:

alethia_juturna
ebee
lydiasings
solace_aderyn
yoyoangel

then please get in touch and let me (or ideally the rest of BiCon) know!
=> "Sorry, we cannot provide a Debian/Ubuntu repository anymore. Please download your desired package from the Sun Download Center!"

You know, I've specifically championed VirtualBox over VMWare because Innotek bent over backwards to make it easy to start using it. A confusing and messy website is not equivalent to an APT repository.

Sun, please please try to stop loving your products to death.
I promise not to turn into ciphergoth, but...

Someone on wildeabandon's LJ posted a link to the objective historical evidence for the bible.

I am absolutely stunned at the emptiness of the arguments found therein. Let's look at the article The Evidence for Christianity, since it's the featured article on the site. It's of intermediate difficulty, a quality that it shares with myself.

However, I'm more at an entry level when it comes to theology, so I'm going to summarise what I think yer man is saying, and then if you want you can tell me I'm wrong. The paragraphs are handily numbered for the purpose, although not in a very clear manner (I assume because Microsoft Word works in mysterious ways).


Read along with the original for the best effect...
Oh my god! The science, it burns!
We had a lovely weekend at Sparkle - not the life-changing event that I think many people have for their first BiCon, but fun all the same. More details and of course photos in a later post.

Unfortunately when we got back we found we'd been burgled. TV, laptop, SLR and Wii are all gone. Forced entry, rear window, some time Saturday.

The laptop was backed up and the insurers are so far being cooperative, so we're not too badly upset, but you can imagine it's not a great deal of fun. The police are not helping with my mood by telling us not to touch anything but being very slow to send the forensics team.

Sympathy comments are appreciated but by no means expected. Comments telling stories about unpleasant burglar behaviour or police uselessness will be Considered Unhelpful and probably deleted.
Long shot I know, but I don't suppose anyone has an old MP3 player they could lend me for a month or so until I can afford a new one.

And yes, I did leave my old one somewhere and forget about it - why do you ask?
My patience is really getting stretched this week.

Carl The Fitter just rang me up to tell me he's run out of flooring. This is apparently My Problem.

When I ordered, I gave David The Owner the size of the room, and he said: "right, you need x cartons of this, one pack of underlay...". Unfortunately he got the sums wrong or something, and so there's not enough.

In order to fix this mistake of his, I need to buy more flooring. OK, that's perfectly fair, I need a certain amount, and I need to pay for it.

Oh, but if I want it fitted, I'll need to pay for another day of Carl's time.

Oh, and I also need to pay for delivery again.

Obviously it's unfair that either Carl or David should lose money by this mistake.

And this means the decorators can't put skirting boards on and thus continue with their work until it's resolved. (The skirting boards that the flooring people were meant to sort out, but let me down on.)

At the moment we're having a *lot* of stuff done to the house. The living room floor is just one part of this, but it's definitely caused me more headaches than the rest put together.


Jan. 2nd, 2008 10:19 am
Before I go to the trouble of ebaying it, does anyone want our TV?

It's a 28 inch widescreen Sony WEGA from back in the days when they made nice CRTs. Flat Trinitron tube. 2 SCART sockets, stereo, analogue tuner only.

Free to a good home, but it's heavy (around 40kg I think) and you have to collect it.
Cerys Catatonia sang "Every day, when I wake up, I thank the lord I'm Welsh".

Well, I'm not Welsh, but I wake up thankful I'm
  • An atheist
  • Alive in the twenty-first century
  • Generally perverted (SM/Tranny/Poly etc.)
What entirely-partisan things do you wake up thankful for?

(Variations on my last bullet point are too easy and do not count. So ner.)
Since a few people have asked about it.
jhg said:
As I'm sure most of you know, as of this week the Official UK Top 40 no longer requires a physical medium to be available in the shops for sales to count towards the official charts: downloads from the officially sanctioned UK stores count too.
This is as good a time as any to reiterate the following point:

If you buy a CD, you can rip it and play it anywhere. If you buy from a download service you can't.

Specifically, if you buy from the iTunes music store, you will only ever be able to play your music on Apple products (or optimistically on products licensing the technology from Apple - no such products currently exist). That's iPod and iTunes. No competing software or hardware. You might not care - you might be happy with Apple products right now. But can you guarantee you'll like Apple's products in 2010? What if you want a type of product Apple doesn't make, like a media PC, or a network audio player? Or a games console? Sorry, no music for you!

Of course this isn't specific to Apple. You can buy from other stores, and get locked into other small groups of manufacturers. Microsoft even managed to launch two incompatible download services.

Some of the other services don't lock you in as much as Apple, but you still have to pay a lot of attention to whether your downloaded music works with your (current or future) hardware. There are even some smaller download services which don't restrict you at all, but they tend not to have mainstream music on them. So, right now, as a rule of thumb:

You should buy music on CDs if you think you might want to listen to it in the future.

I know a lot of people are painfully aware of all this, but I've had conversations recently which have indicated that some people really aren't. Hence the post.

Please note, this post is not to be taken as saying I don't like Apple's products (I'm not brave enough to say that in public), just the lock-in.
