
March 28, 2008

Pay the rent for your dead daughter

This is just awful. The girl’s parents should publish the name of the letting agent concerned; I can’t honestly see any landlords or tenants wanting to be associated with someone who would take this kind of attitude.

March 20, 2008

We’re hiring

In case anyone is interested, we’re hiring.

March 18, 2008

Safari 3.1 and Acid3

OK, so I get 75/100 on Acid3 with Safari 3.1, with the following failures:

Failed 25 tests.
Test 01 failed: method [object NodeIterator].nextNode() didn't forward exception
Test 02 failed: expected '[object HTMLElement]' but got 'null' - expectation 13 failed
Test 04 failed: expected 'null' but got '[object HTMLIFrameElement]' - expectation 21 failed
Test 06 failed: expected '[object HTMLTitleElement]' but got 'null' - failed to handle regrafting correctly
Test 11 failed: when trying to surround two halves of comment: wrong exception raised; code = 3
Test 13 failed: collapsed is wrong after deletion
Test 18 failed: expected '10' but got '1' - DOCTYPE nodeType wrong
Test 23 failed: no exception for createElementNS('null', ':div')
Test 25 failed: failed to raise exception
Test 26 failed: e1 - parent element doesn't exist after looping
Test 27 failed: e1 - parent element doesn't exist after waiting
Test 38 failed: Value undefined (result of expression p.childNodes[1].replaceWholeText) is not object.
Test 42 failed: expected '1' but got '0' - rule did not start matching after change
Test 44 failed: expected '0' but got '1' - misparsed selectors
Test 46 failed: expected 'none' but got 'uppercase' - case y1 failed (index 25)
Test 59 failed: expected 'submit' but got '' - <button> doesn't have type=submit
Test 65 passed, but took 20ms 
Test 70 failed: UTF-8 encoded XML document with invalid character did not have a well-formedness error
Test 71 failed: expected '2' but got '1' - wrong number of children in #document (first test)
Test 72 failed: expected '3' but got '2' - cssRules isn't live
Test 75 failed: Value undefined (result of expression anim.beginElement) is not object.
Test 76 failed: expected '0' but got '100' - Incorrect animVal value after svg animation.
Test 77 failed: expected '42' but got '65' - getSubStringLength #1 failed.
Test 79 failed: expected '34' but got '33' - SVGSVGTextElement.getNumberOfChars() incorrect
Test 86 failed: calling setMilliseconds() with no arguments didn't result in NaN
Test 92 failed: Function object's prototype's constructor was ReadOnly
Total elapsed time: 0.32s

This compares with the latest Webkit nightly build, which managed a stonking 92/100:

Failed 8 tests.
Test 02 failed: reached expectation 13 when expecting expectation 12
Test 23 failed: no exception for createElementNS('null', ':div')
Test 25 failed: failed to raise exception
Test 26 passed, but took 74ms 
Test 65 passed, but took 17ms 
Test 69 passed, but took 31 attempts.
Test 70 failed: UTF-8 encoded XML document with invalid character did not have a well-formedness error
Test 75 failed: Value undefined (result of expression anim.beginElement) is not object.
Test 76 failed: expected '0' but got '100' - Incorrect animVal value after svg animation.
Test 77 failed: expected '4776' but got '5550' - getComputedTextLength failed.
Test 79 failed: expected '34' but got '33' - SVGSVGTextElement.getNumberOfChars() incorrect
Total elapsed time: 5.31s

Interestingly both of them seem to achieve the scores above plus or minus a point. I'm not sure why that is.

Anyway, pretty impressive, especially given the state of Acid3 rendering on other browsers.

March 17, 2008

A whole new use for straight quotes

It seems that the BBC has come up with a whole new use for straight quotes (the image is a link to the article on the BBC News site):

[Image: Quotes-for-emphasis.jpg]

Yes, folks, apparently they’re now used for emphasis.

It’s pretty depressing to think that this kind of thing made it past an editor at the BBC.

You don’t need to restart

The installer for the new version of MYOB AccountEdge Plus (previously known as MYOB Accounting Plus) restarts the machine.

It’s been irritating me for a while that a lot of software, particularly that written by companies who normally deal with PC software, unnecessarily restarts the machine once it has been installed.

Anyone writing an installer for Mac OS X should take note: You don’t need to restart the machine! In particular:

  • You don’t need to restart after installing an ordinary application. If your application isn’t showing up in Launch Services’ database, you might want to read about Application Registration, but ideally your installer should handle that for you.
  • You normally don’t need to restart after installing a shared library in /Library or /usr/local/lib, provided you handle the case where some existing programs are using an older version. Unless you are using shared memory or IPC in your library, you often don’t need to do anything. If you are doing the latter, you just need to make sure that either (a) the two can co-exist happily, or (b) you get the user to terminate anything that might be using the old version.
  • In most cases, you don’t need to restart after installing a KEXT. Instead, consider using kextload(8) in your postinstall script. If you’re replacing an existing KEXT, just use kextunload(8) to unload it first.
  • You don’t need to restart after adding launch daemons or agents, or if you’re using the older startup items. For launch daemons and agents, just use launchctl(1) to load their plists and start them. For startup items, use SystemStarter(8).
  • You don’t need to restart after installing plug-ins. You might need to restart the program that the plug-ins are for, but please check rather than just assuming because some software may be able to cope with plug-ins being installed (and even removed) at runtime.
  • Remember that Mac OS X provides UNIX-like deletion semantics. That is, you can safely delete a file that is currently in use; anything that has the file open will continue to see the original data until the file is closed.

So please, when you’re building Installer packages, don’t unnecessarily force the user to restart his machine. In particular, if you are not sure whether you need to restart, please ask someone on one of Apple’s many mailing lists or ask Developer Technical Support for their advice.

Don’t just assume that you should restart, because that gives your customers a very bad user experience. Remember, if the user reinstalls their machine from scratch, they may have to install many pieces of software, and if every one of those asks to restart the machine, they are rapidly going to become irritated. Even if restarting is optional, end users have no way to know whether a restart is necessary.

iPhone background communication

Craig Hockenberry (via DF) makes a good point about allowing arbitrary background apps to use the iPhone’s radios.

It seems likely that he’s right about the future direction Apple will take with this. My own preference would be for a generalised events framework, maybe based on the existing notification support. If it supported launch-on-notification, there wouldn't really be a need for background apps at all, it seems to me. Doing things this way would mean that it was possible to co-ordinate use of the device's radios in a sensible way, and it would also allow applications to ask to have code run e.g. at a certain time in the future, without having to leave any of their own code running in the background.

March 13, 2008

MPs’ expenses

It’s easy to get all het-up over MPs’ expense claims, but it is worth remembering that some of this is here so that it’s possible for anyone to be an MP, no matter how much money they have, which is a laudable aim.

There’s no doubt it is a privilege that has been abused; there have been reports of MPs buying second properties a few minutes away from where they already live, reports of them buying properties that are just as far from Parliament as their main residence, etcetera. Those should clearly be stopped and the people in question censured for behaving in that manner.

iPhone SDK restrictions

(The iPhone SDK is still under NDA; even though it’s being widely ignored, I’m only going to respond to articles others have published.)

There are a number of commentators, notably Rogue Amoeba, complaining about some of the restrictions Apple has placed on third-party applications.

Of Rogue Amoeba’s list, I agree with one or two of them; it would be nice to be able to run background agents (not full applications), but I think this is the kind of functionality that perhaps should only be made available to people who pay a bit more up-front than the current $99 charge, to discourage any misuse; and access to the host computer and the docking port would be pretty useful too, though perhaps there are security concerns about host access too… I can’t claim to have thought deeply on the matter.

A lot of the others are just crazy. We really don’t want code running on the iPhone to have root access, or to provide access to the entire filesystem. Both of those restrictions are good security features and should discourage people from writing viruses and other malware for the device.

As for the calls from various parties to allow VoIP over the cellular network, it doesn’t actually matter whether Apple does or doesn’t, because no cellular carrier is going to allow them at the network level. I also have my doubts that the call quality would be acceptable, especially as GPRS and EDGE tend to have a substantial latency for IP datagram delivery and VoIP has no built-in support for handling cell hand-off (unlike GSM voice, which works seamlessly in such cases). Moreover, I don’t think it would be fair to expect mobile phone companies to allow people to use their expensive wireless networks for free to provide their customers with a competing service at an artificially low price.

March 11, 2008

Shocking

Jeff Atwood on the shocking behaviour of G-Archiver.

When I first read this, I was angry. Really angry.

We developers already get all sorts of crazy and unfounded accusations about “violating privacy”, without some jerk writing software that really does steal your data.

For the record, I am an ACM member, so I have to comply with the ACM Code of Ethics that Jeff mentions at the top of his blog post, not to mention the various laws we have here in the U.K. on the matter (e.g. the Data Protection Act, which is overseen by the Information Commissioner’s Office).

Unbelievable

Some people are just unbelievable.

We definitely do not want this country’s legal system going the way things have in the United States. That this chap slipped on a grape is unfortunate and the fact that he was injured doubly so. But it is hardly the fault of Marks & Spencer. For one thing, he should have been watching where he put his feet; for another, I don’t see how M&S could possibly be expected to be responsible for a single grape ending up on the floor, whether in their store or in their car park.

Hopefully our judiciary has the sense to reject this nonsense.

Hugh Laurie “snubbed” by Britain

If true, this is awful. IMO Hugh Laurie is a truly great actor; it was a wonderful surprise to find him in a new TV series, especially one as good as House. I was a big fan of Jeeves and Wooster, and also of the comedy programme A Bit of Fry and Laurie. Not to mention the excellent Blackadder.

I Hate Routers

I hate DSL routers. I don’t know why, but router manufacturers seem incapable of designing one that works properly. They’re usually let down by their software, and sometimes they’re also let down by their hardware too.

The most recent routers I’ve used are:

  • Alcatel SpeedTouch 780WL (Be branded)

    This one seems to be generally OK, although the web interface is pretty awful. I think the problem there is that Alcatel can’t make up its mind whether it wants the router to be easy-to-configure or full of features, so the web interface is an uneasy half-way house. The worst problem with it is that it’s badly organised and hard to navigate; there are pages that look just like the settings screens, but where you can’t change anything, and it often takes me a couple of minutes to find the right part of the interface.

    It seems to be fairly decent from the command line, though the docs for that are somewhat lacking.

    WLAN works OK on this router, which is a refreshing change.

  • ZyXEL Prestige 662HW

    The main problems with this router aren’t to do with the software, which is OK (not brilliant, but OK). It has a good range of features and a reasonable web interface, which is at least easy to navigate, unlike the Alcatel.

    No, the main problems are hardware ones. Firstly, this router’s input seems to be too heavily attenuated, as a result of which it has trouble sustaining a DSL connection at high data rates. I’m quite close to the local exchange, so there’s no good excuse for this, especially as other vendors’ products don’t suffer from this problem.

    Second, the WLAN is unreliable. When I bought this, I was hoping that I could replace an earlier ZyXEL Prestige (a 243, I think) and my Apple AirPort with just the one box. No such luck.

  • Netgear DG834N

    I bought this to replace the ZyXEL when it became apparent that I was going to have regular connectivity problems with the latter. It was easy to set up, with a simple web interface and the DSL connection has been very reliable with this unit.

    Unfortunately there are some serious deficiencies with the DG834N, which Netgear doesn’t seem to be in a great hurry to address:

    • It has a very small feature set compared to other manufacturers’ routers. On the plus side, that makes it easy to configure for end users.
    • It only supports 802.11n draft 1. Draft 2 has been “forthcoming” for some time now.
    • Its UPnP support is badly broken.1 As a result, it is impossible to use software that requires special support for NAT, unless the authors have taken account of the device’s eccentricities.
    • There is no command line.2

    Oh, and this is another router with unreliable WLAN. Maybe that’s because it’s trying to support 802.11n draft 1, but since I’m using 802.11g devices primarily, that doesn’t seem to be a good excuse. Nor does it matter how I configure the WLAN support.

    All of this might be OK if, as with other Linux-based routers, the firmware could be replaced with something a bit better. There are a couple of custom firmware packages out there, but because the drivers for the Broadcom chipset that is used by this router aren’t Open Source, they are basically the same firmware with rebuilt applications and/or modified web interface.

Anyway, in a fit of irritation, I bought myself a new Airport Extreme and a Netgear DM111P DSL modem. The Airport in particular was spectacularly easy to set up, though I would have liked to have been able to choose a subnet of 10.32.x.x which is what I had been using previously (10.0.x.x is no good because if I do that then I can’t connect to the VPN between my home and my office).

As a result, I now have reliable WLAN (with a better signal than I got from my previous Airport), a reliable DSL connection, and reliable NAT traversal courtesy presumably of NAT-PMP. I can finally screen share between work and home! Yay!

OK, so the AirPort Extreme isn’t terribly configurable and doesn’t support UPnP. It does work however, which seems to be something of a unique selling point in the home router market.

1 It uses the wrong namespace for responses ({urn:upnp-org:serviceId:WANIPConnection} rather than {urn:schemas-upnp-org:service:WANIPConnection}), and unhelpfully returns the wrong error code (402 Invalid Args rather than 713 SpecifiedArrayIndexInvalid) when you pass an out-of-range index to GetGenericPortMappingEntry(), which is irritating because the error is the only way to tell when you’ve finished enumerating mappings.

2 Yes, I know about debug mode and that you can get a Linux prompt, with all that that implies. That’s not the same thing, and as a result of the lack of a command line interface, the features in the web interface are basically all you get (unlike some other manufacturers’ equipment).
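The enumeration problem from footnote 1, as an added Python example (not from the original post, and not Netgear's or any UPnP library's code): it classifies each GetGenericPortMappingEntry reply so that listing a router's port mappings stops on 713 and, for a device with this quirk, optionally on 402, and it matches elements by local name so the wrong namespace is tolerated. The SOAP bodies, the `quirky_router` stand-in and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

END_OF_LIST = 713   # SpecifiedArrayIndexInvalid: the expected "no more entries" signal
INVALID_ARGS = 402  # Invalid Args: what the router described above returns instead

# Constructed SOAP templates in the shape of UPnP control replies.
ENVELOPE = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            '<s:Body>{}</s:Body></s:Envelope>')
ENTRY = ('<u:GetGenericPortMappingEntryResponse xmlns:u="{ns}">'
         '<NewExternalPort>{port}</NewExternalPort><NewProtocol>TCP</NewProtocol>'
         '<NewInternalPort>{port}</NewInternalPort>'
         '<NewInternalClient>10.32.0.{host}</NewInternalClient>'
         '</u:GetGenericPortMappingEntryResponse>')
FAULT = ('<s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>'
         '<detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0">'
         '<errorCode>{code}</errorCode></UPnPError></detail></s:Fault>')


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def parse_reply(xml_text):
    """Return ('entry', fields) or ('fault', error_code) for one SOAP reply."""
    # For replies from devices you do not trust, use a hardened parser
    # such as defusedxml instead of the standard library one.
    root = ET.fromstring(xml_text)
    for el in root.iter():
        name = local(el.tag)
        if name == "errorCode":
            return "fault", int((el.text or "").strip())
        if name == "GetGenericPortMappingEntryResponse":
            # Matching on the local name ignores whichever namespace was sent.
            return "entry", {local(c.tag): (c.text or "").strip() for c in el}
    raise ValueError("reply is neither a mapping entry nor a UPnP fault")


def enumerate_mappings(fetch, tolerate_402=False, limit=512):
    """Call fetch(index) for 0, 1, 2, ... until the device signals the end.

    Returns (entries, terminating_error_code). Any fault that is not an
    accepted end-of-list code is raised, so real errors are not mistaken
    for an empty or complete table. `limit` bounds the loop in case the
    device never returns a fault at all.
    """
    end_codes = {END_OF_LIST} | ({INVALID_ARGS} if tolerate_402 else set())
    entries = []
    for index in range(limit):
        kind, value = parse_reply(fetch(index))
        if kind == "entry":
            entries.append(value)
        elif value in end_codes:
            return entries, value
        else:
            raise RuntimeError(f"UPnP error {value} at index {index}")
    raise RuntimeError(f"no end-of-list fault after {limit} entries")


def quirky_router(index):
    """Constructed stand-in for the device: wrong namespace, 402 past the end."""
    mappings = [(5900, 5), (22, 7)]  # (port, last octet of internal client)
    if index < len(mappings):
        port, host = mappings[index]
        body = ENTRY.format(ns="urn:upnp-org:serviceId:WANIPConnection",
                            port=port, host=host)
    else:
        body = FAULT.format(code=INVALID_ARGS)
    return ENVELOPE.format(body)


if __name__ == "__main__":
    found, code = enumerate_mappings(quirky_router, tolerate_402=True)
    for m in found:
        print(m["NewProtocol"], m["NewExternalPort"], "->", m["NewInternalClient"])
    print("enumeration ended with error code", code)
```

With `tolerate_402` left off, the same stand-in raises at index 2, which is how a spec-following client sees this router.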

March 10, 2008

OS X 10.5 and VPNs

I was getting a weird problem where one machine could connect to an IPsec/L2TP VPN where another one was giving messages like

MPPE required but kernel has no support

on its console at the same time as the server was issuing messages such as

LCP terminated by peer (MPPE required but not available)

There wasn’t any obvious reason for the machines to behave differently (though one was Intel, one PowerPC, and the PowerPC one—which was where the VPN didn’t work—had been upgraded to Leopard with a VPN connection already set-up, though not the connection I was having this problem with).

Anyway, the solution is simple; edit the file /Library/Preferences/SystemConfiguration/preferences.plist. You need to look through the NetworkServices dictionary until you find the VPN connection you want to fix, then go into the PPP dictionary and change the CCPMPPEnnEnabled keys to 0.

This fixed it for me.
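The edit described above, as an added Python example (not from the original post): it walks the NetworkServices dictionary, looks in each service's PPP dictionary, and sets every key matching the CCPMPPEnnEnabled pattern to 0, keeping a backup of the file. The sample data is constructed, and the use of `UserDefinedName` to pick out one connection is an assumption about the file's layout.

```python
import os
import plistlib
import re
import shutil

# Matches the "CCPMPPEnnEnabled" pattern from the text, where nn is a number.
MPPE_KEY = re.compile(r"^CCPMPPE\d+Enabled$")

# Constructed sample in the shape of preferences.plist; IDs and names are made up.
SAMPLE_PREFS = {
    "NetworkServices": {
        "SERVICE-A": {"UserDefinedName": "Ethernet",
                      "IPv4": {"ConfigMethod": "DHCP"}},
        "SERVICE-B": {"UserDefinedName": "Office VPN",
                      "PPP": {"AuthName": "alice", "CCPEnabled": 1,
                              "CCPMPPE40Enabled": 1, "CCPMPPE128Enabled": 1}},
        "SERVICE-C": {"UserDefinedName": "Old VPN",
                      "PPP": {"AuthName": "alice",
                              "CCPMPPE40Enabled": 1, "CCPMPPE128Enabled": 0}},
    }
}


def disable_mppe(prefs, service_name=None):
    """Set the MPPE keys to 0 in the PPP dictionary of matching services.

    prefs is the loaded plist (modified in place). If service_name is given,
    only the service with that UserDefinedName is touched. Returns a list of
    (service id, service name, key) for every value that was changed.
    """
    changed = []
    for sid, svc in prefs.get("NetworkServices", {}).items():
        ppp = svc.get("PPP")
        if not isinstance(ppp, dict):
            continue  # not a PPP-based service
        name = svc.get("UserDefinedName", "")
        if service_name is not None and name != service_name:
            continue
        for key in sorted(ppp):
            if MPPE_KEY.match(key) and ppp[key] != 0:
                ppp[key] = 0
                changed.append((sid, name, key))
    return changed


def patch_file(path, service_name=None):
    """Apply disable_mppe to a plist file, keeping a .bak copy of the original."""
    with open(path, "rb") as f:
        prefs = plistlib.load(f)
    changed = disable_mppe(prefs, service_name)
    if changed:
        shutil.copy2(path, path + ".bak")
        tmp = path + ".tmp"
        with open(tmp, "wb") as f:
            plistlib.dump(prefs, f)
        os.replace(tmp, path)  # atomic swap, so a crash never leaves half a file
    return changed


if __name__ == "__main__":
    import copy
    demo = copy.deepcopy(SAMPLE_PREFS)
    for sid, name, key in disable_mppe(demo, "Office VPN"):
        print(f"{name} ({sid}): {key} -> 0")
```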

March 9, 2008

“affect”, “effect”, “infer” and “imply”

Over the past few months I’ve noticed a number of people misusing all four of these words. Since the dictionary definition is unlikely to be helpful in such cases, I thought I’d give some examples of correct usage in the hope that anyone who is confused will find this post and get it right.

Let’s deal with affect versus effect first:

Wrong: The position of the switch effects the light output of the lamp.
Right: The position of the switch affects the light output of the lamp.

Wrong: The lamp is effected by the position of the switch.
Right: The lamp is affected by the position of the switch.

Wrong: To effect the lamp, one can push the switch.
Right: To affect the lamp, one can push the switch.

Wrong: To affect a change in the lamp, one can push the switch.
Right: To effect a change in the lamp, one can push the switch.

Wrong: The affect of the switch is to change the light output of the lamp.
Right: The effect of the switch is to change the light output of the lamp.

Wrong: A change in the lamp may be affected by pushing the switch.
Right: A change in the lamp may be effected by pushing the switch.

Now infer versus imply (this is a little more complicated :-)):

Wrong: Mr. Smith implied from the e-mail that Mr. Jones did not like cats.
Right: Mr. Smith inferred from the e-mail that Mr. Jones did not like cats.

Wrong: “From the e-mail,” said Mr. Smith, “we must imply that Mr. Jones does not like cats.”
Right: “From the e-mail,” said Mr. Smith, “we must infer that Mr. Jones does not like cats.”

Wrong: The e-mail inferred that Mr. Jones did not like cats.
Right: The e-mail implied that Mr. Jones did not like cats.

Wrong: The inference of the e-mail was that Mr. Jones did not like cats.
Right: The implication of the e-mail was that Mr. Jones did not like cats.

Wrong: In the e-mail, Mr. Jones inferred that he did not like cats.1
Right: In the e-mail, Mr. Jones implied that he did not like cats.

Wrong: From the e-mail, Mr. Smith implied that Mr. Jones did not like cats.
Right: From the e-mail, Mr. Smith inferred that Mr. Jones did not like cats.

Right: “Are you inferring that I don’t like cats?” said Mr. Jones.2
But more likely: “Are you implying that I don’t like cats?” said Mr. Jones.

In case it’s still not clear:

  • You can effect a change on something. In which case you have affected it.
  • You can have an effect on something. In which case it is affected by you.
  • You can imply something. In which case others can infer something from your remark.
  • You can infer something from someone else’s remarks. In which case they may have implied it. (Note the word “may” here; inference is the act of reading between the lines, so it is possible to read something the author did not intend.)

Finally, you can read dictionary definitions of affect, effect, infer3 and imply.

Why does all this matter? Well, for one thing, if your English is sloppy and you are arguing a case for something, your argument may look less persuasive—indeed, less rational—than the counter argument. There is no reason to suppose that those arguing the opposite position will be sloppy in their use of English.

Poor use of English shows a lack of care and a lack of pride in your writing, not to mention a lack of respect for the reader—if you don’t care sufficiently about your writing, why should the reader bother reading it? Why did you bother to write it in the first place?

When written well, English is a wonderful, expressive language; irregular and awkward it may be, but it has a beauty both of sound and of meaning. Careless mistakes mar that beauty and reduce the enjoyment of the reader.

1 Unless you mean that Mr. Jones is being written about in an e-mail and in that e-mail he inferred that some other person—Mr. Smith, perhaps—did not like cats, in which case it would be right. Isn’t English wonderful? :-)

2 In the first case, Mr. Jones is asking if the other party has come to the conclusion that he—Mr. Jones—does not like cats. In the second, Mr. Jones is asking if the other party is stating indirectly that Mr. Jones does not like cats. The two have different meanings, but they are both correct. You are more likely to want the second meaning.

3 The author of the Usage Note from the Random House Unabridged Dictionary in my view misunderstands the sentence it quotes, “The next speaker criticized the proposal, inferring that it was made solely to embarrass the government.”

There is nothing wrong with the sentence at all; it is the speaker who infers that the proposal was made to embarrass the government. It is not the proposal that does the inferring here, and so their claim that this sentence lends credence to the misuse of the word “infer” is incorrect.

Anonymity versus privacy (again)

This c|net News article is titled “To be anonymous or not to be, that is the privacy question”.

As I’ve said before, anonymity and privacy are two very different things. Unless you habitually wander about in a Burqa, speaking only through a voice changer and wearing platform shoes, that is. But nobody does that, right?

March 7, 2008

OK, so I thought I’d see what all the fuss is about

I just joined Twitter.

March 6, 2008

MacForensicsLab on malware

Disclosure: I run Coriolis Systems Limited, one of SubRosaSoft's competitors (in the field of disk utility software, not security software, I might add). I will nevertheless endeavour to avoid any bias due to that fact.

MacForensicsLab, part of SubRosaSoft, has published a white paper on Mac malware (which it has the cheek to describe as an “academic white paper”; for the record it is clearly a commercial document not an academic one). The web version is uncredited, but the PDF (a whopping 50.2 MB!) appears to have been written by Marko Kostyrko, SubRosaSoft’s CEO.

The paper, broadly speaking, makes four key points, which you can find summarised at the bottom under the heading “For Apple, Inc.”. Of those four, controlling access to the address book is not a bad idea, nor is extending the sandbox system introduced in Mac OS X 10.5 (though it isn’t clear what the author means by including “code that is created locally”).

The other two points, arguably the most important, unfortunately don’t hold up to scrutiny:

1. Control the Bundle Architecture

Kostyrko says:
“Apple might consider implementing a mechanism whereby a bundle cannot contain more than one executable for any given “Contents” subfolder. This would reduce the ability of malware authors to piggyback their code inside an otherwise legitimate bundle.”

This idea is just plain ridiculous, especially for someone whose company sells utility software since utilities rely on the use of helper tools, which are auxiliary executables embedded in the application bundle that permit privileged operation.

Furthermore, this restriction wouldn’t achieve anything (besides breaking a number of existing applications, that is). There’s nothing stopping a malware author from e.g. moving iTunes.app into /Library/Application Support and replacing it entirely, leaving only a single executable inside each bundle.

Apple has already partially addressed the problem of maliciously altered applications by implementing support for code signing. If you attempt to modify a signed application as described earlier in the article, its signature will no longer match.

It is true that Leopard presently does not inform the user if a signature is no longer valid. But it does restrict applications with invalid signatures in various ways, and, depending on the settings in the application’s Info.plist file, it can be configured to terminate applications that have been tampered with.

If there is anything Apple needs to do here, it is to add a warning before launching a signed application with an invalid signature. Even then, it would only protect against modified apps, not against malicious apps dressed up as legitimate ones.

The second part of this section says:

“Apple may also wish to discuss disallowing multiple extensions inside a .app bundle. This would reduce the ability of malware authors to disguise executable bundles as data files for their pro tools.”

I assume Kostyrko means that Apple should disallow application bundles with multiple extensions, since he believes that Mac OS X will hide the “.app” extension. (For reference, when writing an academic paper, it is a good idea to get your terminology right, which would have avoided any doubt here.)

Well guess what? Apple has already addressed this. If, on OS X 10.5, you take an application and try to rename it to have two extensions, Finder will display both extensions, even if the bundle has its “hide extension” property set.

2. Control Write Access to the Applications Folder and Subfolders Found Therein

Apparently
“The programs (commonly known as Applications) that a user relies upon… are stored unprotected inside a folder called ‘/Applications’. Any program running on a Mac OS X system can write to this folder and to most of the contents therein”

and

“Apple may think about making it the default behavior for the system to require admin access to write to this very important folder. Furthermore Apple should make an interface that is easy, obvious, and non-technical to turn this access control on or off.”

Sorry Marko, yet again I have news for you. OS X already does this too, and the Applications folder is not as you erroneously claim “unprotected”. If you use a non-administrator user, you can’t modify the Applications folder, and furthermore, if you try, Finder will offer an authentication dialog so that you can make changes if you know an administrative username/password.

Certainly, a lot of existing OS X users run as an administrative user day-to-day, because that’s what the OS X installer creates for you automatically. But there’s nothing stopping you from going to System Preferences and making an additional, non-administrative user for day-to-day use. Indeed, if you’re reading this and you haven’t already done so, I encourage you to do just this.

Helpfully, most OS X software works just fine from a normal user account, unlike the situation on Windows where there was and probably still is plenty that requires you to be logged-in as an admin user just to run it.

Update (2008-03-07): Stéphane Sudre just pointed out that a lot of apps install into /Applications with the wrong permissions, either because of broken installers or because they’ve been installed using drag & drop. This is a fair point, though looking on my system I can only see a small number with suspect permission settings. I’d be interested to know what the exact deal is with drag & drop install and permissions; I’m not sure I know OTOH exactly how that works and I probably should :-)

Not only is the paper inaccurate, it is full of needless scaremongering, with sections titled “Macs Are Vulnerable” and “Complacency” as if to emphasise the author’s opinions and quotes from analysts about how “most Mac users take security too lightly”. Some of these sections are even written in the present tense, as if there is a significant amount of malware already in the wild. Thankfully there is not.

I find the entire thing particularly irritating, to be frank. The methods of product promotion used by the security software industry have often been criticised in the past, but dressing this lightweight marketing exercise up as an “academic” paper? Even without the inaccuracies and the needless scaremongering, this wouldn’t be published by any reputable academic journal.

Anyway, the best thing you can do for now as an end-user is to make yourself a non-admin account to use day-to-day, and to ensure that you keep regular back-ups of data you care about. Using a non-admin user will make it difficult for malware to affect applications installed on your machine, and keeping backups of critical data means that if the worst ever did happen, you could wipe the system and start again without worrying about losing data.
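One way to check the point raised in the update above (applications sitting in /Applications with the wrong permissions), as an added Python example that is not from the original post: it walks each .app bundle and reports items that are owned by someone other than a trusted user or that are group- or world-writable. The function names and the default choice of root as the only trusted owner are assumptions of this sketch.

```python
import os
import stat


def audit_bundle(bundle, trusted_uids=frozenset({0})):
    """Return [(path relative to bundle, [reasons])] for suspect items.

    An item is suspect if its owner is not in trusted_uids (that user's
    processes can rewrite it without authenticating), or if its mode lets
    the group or everyone write to it. Symlinks are skipped because their
    own mode bits are not meaningful.
    """
    paths = [bundle]
    for dirpath, dirnames, filenames in os.walk(bundle):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)

    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue
        reasons = []
        if st.st_uid not in trusted_uids:
            reasons.append("owner uid %d" % st.st_uid)
        if st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable")
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
        if reasons:
            findings.append((os.path.relpath(path, bundle), reasons))
    return findings


def audit_applications(root="/Applications", trusted_uids=frozenset({0})):
    """Audit every top-level .app bundle under root.

    Returns {bundle name: findings} containing only bundles with findings.
    """
    report = {}
    for entry in sorted(os.listdir(root)):
        bundle = os.path.join(root, entry)
        if not entry.endswith(".app"):
            continue
        if os.path.islink(bundle) or not os.path.isdir(bundle):
            continue
        findings = audit_bundle(bundle, trusted_uids)
        if findings:
            report[entry] = findings
    return report


if __name__ == "__main__":
    if os.path.isdir("/Applications"):
        for app, findings in audit_applications().items():
            print(app)
            for rel, reasons in findings[:5]:  # first few items per bundle
                print("   %s: %s" % (rel, ", ".join(reasons)))
            if len(findings) > 5:
                print("   ... and %d more" % (len(findings) - 5))
```

A bundle that was dragged into place by an administrative user will typically show up here with that user as owner; whether group-writable items matter depends on who is in the owning group.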