I’ve updated my regular expression patch for ICU to work against the recently released ICU4C 3.6.

You can read about the functionality this adds here and here.

What a cool idea for an OS X screensaver.

I’d quite like to see how much code this took; they (Bruno Roudot, Boris Cargo and Vincent Zorzi) used Quartz Composer, so I’m guessing it’s not nearly as much as it looks.

Anyway, it’s a neat screensaver.

As a Mac user (and with a shiny new Mac Pro at my desk, to boot), I’m becoming increasingly frustrated with StuffIt. The fact is that it’s a product that I just don’t need, and would rather not have installed on my system, but the sad fact is that a lot of Mac files are compressed with StuffIt rather than being zipped, tarred and bzip2’d or gzip’d, or even just stuffed in a compressed .dmg.

Originally I wasn’t so bothered, but what made me blog about this today was the fact that I wanted to expand a .sit on my new machine, and I discovered that you cannot now download StuffIt Expander without giving your e-mail address to Allume, and worse than that, without “agreeing” to receive unwanted marketing from them.

But I’m locked into doing this by the fact that other people are using StuffIt. (And why, by the way, is StuffIt Mac twice the price of the PC version? For that matter, how can a compression tool possibly be worth the amount they’re charging for it?!)

The e-mail has just arrived, and I’ve confirmed my e-mail address to them; however, to save others from having to do so, here are some direct links to the downloadable versions:

StuffIt Expander 10.0.2 (OS X 10.3 and later)
StuffIt Expander 8.0.2 (OS X 10.0 to 10.2)
StuffIt Expander 7.0.3 (Classic/OS 9.2.x)

These came from the actual download page, rather than the e-mail based thing.

Hopefully they will work without you having to go through the e-mail sign-up form and then wait for them to spam you later before you can unsubscribe.

Apparently, we’re going to have legislation to ban violent pornography. I think that’s probably a good thing, but I have my reservations about enacting laws that, according to the BBC News article “would apply to websites wherever they were based in the world”, because I happen to think that an unenforceable law is worse than no law at all. (That is, it matters little to some of the people operating illegal or questionable websites whether there is or isn’t a law prohibiting it in the United Kingdom, and having such a law just provides them with a kind of perverse amusement in demonstrating how easy it is for them to break it without consequence.)

I think what we really need is to declare cyberspace independent territory and give it its own legal code. Then we can have an Internet Police Force, that will actually be able to enforce the law, rather than the current situation (of little or no effective law enforcement) because the Internet spans international boundaries and is presently covered (or sometimes, not covered) by a variety of conflicting national legislation. Of course, that would require the existing nation states to cede some of their current authority to the Internet’s new government, including allowing things like IPF officers the power of arrest anywhere on the globe. Still, I think it’s the best way forward.

I’m upset with the New York Times. Why? Because the information they published today might prejudice the trials of the terror suspects involved with the recent plot to blow-up airliners heading to the United States.

I couldn’t care less about the fact that they’ve used a pseudo-geographic test to stop people in the U.K. from straightforwardly accessing their article. The fact is that such tests are not 100% reliable; for instance, go into any Starbucks coffee shop and you can get connected via T-Mobile, via Germany. Thus anyone in the U.K. who visits Starbucks with a WiFi-equipped device cannot now be a jurer in any of the trials, or worse, if they are picked and don’t rule themselves out, some of these people could walk free.

Nor is that the only way to end up using an IP address allocated to a location outside of the U.K.. There are plenty of others—for instance, if you surf the ‘Net using an anonymous browsing service, or if the database that the New York Times are using is out of date or incorrect. There are also a few idiots who have posted copies of it in places that aren’t geographically censored.

So congratulations, New York Times.

A pet hate of mine is end users (journalists especially) or—even worse—developers who don’t understand how process priorities are supposed to work. Often, both in the press and elsewhere, people write that increasing the process priority makes the program in question run faster. This is a fallacy.

What process priority controls is which higher priority tasks can interrupt any given task to use the processor. If you give a process a low priority, and then do nothing else with the machine, it will still take the same amount of time to complete. Process priority only has an effect when you are doing something else with the machine at the same time.

The right way to use process priorities is shown in the following table:

Whilst the table above is very general, the point is that it makes it clear that user interaction (for instance) should take precedence over processing. If I, as an end-user, wish to wordprocess on my machine whilst I wait for a 3D rendering to complete, I should be able to do so. If, on the other hand, I want the rendering to finish as quickly as possible, I can leave my machine alone. Inappropriate priority settings (such as 3D rendering at high priority) make the machine unusable because the interactive response time becomes unacceptable. They don’t make the rendering run any faster!

Did you know that Google is related to evil (admittedly via an anagram of Elvis)? Dirk does.

John Gruber’s latest blog entry made me laugh. In the midst of it, he writes: “enormously irresponsible for ostensibly professional security researchers”.

It seems to me that many “security researchers” are neither (a) professional nor (b) responsible. Last time I looked they were much more interested in publicity than in protecting the computer using public… there are even recent stories in the media about them making thinly veiled threats to software vendors unless they are involved in the bug fixing process.

And precisely what is their business model anyway? I mean, who exactly pays them to search for flaws? I’ll tell you who isn’t paying them… Apple. They have plenty of very clever engineers who quite clearly already understand how these things work. So why would they want to pay these people, especially as they seem more concerned with publicising the flaws they find than they are with the security of the user base? Let’s not forget that many security vulnerabilities only become vulnerabilities once published. Quite a few of the recent PC viruses only appeared after the flaws they exploit were published on CERT or Bugtraq. It isn’t exactly rocket science:– if you don’t know how to break into a system, you have to find out first, which takes time and usually requires access to a similar system (since repeated crashes of the target system, which commonly happen during the “research” stage of a hack, are a bit obvious to most people). If, on the other hand, someone publishes all of the details, some section of the user base won’t be up-to-date—even if the vendor has been given time to release a fix—and it’ll be much easier to break in.

As far as the whole Mac wireless vulnerability thing, there certainly have been vulnerabilities there in the past (e.g. via LDAP, which AFAIK used to be enabled by default), but only time will tell whether this one is real or not. I don’t think that Brian Krebs and George Ou really helped matters, what with Krebs’ original post on the subject, the title of which was ill-chosen, and Ou’s remarks about a so-called “vicious orchestrated assault” on the originators of the claims.

The fact is that the researchers clearly intended to upset the Mac using community—remarks such as Maynor’s “it eventually makes you want to stab one of those users in the eye with a lit cigarette or something” are pretty convincing evidence of that. If I were Krebs, I wouldn’t have published that statement, and as far as George Ou’s article goes, I have to say that someone who says things like Maynor did should expect a certain amount of flak as a result. Not that I’m condoning any of the things that apparently have been said to him… but let’s get this into perspective: Maynor clearly intended to upset some elements of the Mac community. He’s done so. If he’s surprised how upset they got, perhaps he (and Ou) should reflect on the fact that journalists and security researchers have been telling Mac users for some time now how naïve and vulnerable they are, usually with undertones of “You’re too smug. Just you wait, we’ll prove you all wrong”. Is it really a surprise that people who openly espouse or support this agenda get jumped on?

Well indeed. Who is Alastair?

I must say that I’m quite pleased to be sharing a name with some of these people, particularly Alastair Reynolds (I’m a big fan of his work; hard sci-fi is very much my kind of thing :–)).

Am I the only one who thinks that the current airport security measures here in the U.K. are just plain stupid?

Sure, terrorists won’t be able to get on aeroplanes to detonate their bombs, but by clogging everything up, we’ve created huge crowds of people in the airport buildings themselves, outside the security checks. I can’t think of a better target for a terrorist; they’ll do many times more damage if they detonate a bomb in those crowds than they would be able to do if they blew up a plane. Well, with a big enough bomb, anyway.

I’m not saying that we shouldn’t be careful, but I think we should be wary of doing things that simply move the risk from the air to the ground, which is—I think—all we’ve actually achieved here.