Wednesday 22 September 2004

Just a test entry, testing PocketBlog

Monday 20 September 2004

Apposite movie?

I was just checking the in-flight movies for my trip to Seattle and environs (flying out this Thursday, 23 September and returning Tuesday/Wednesday 28/29 September), and saw that my airline, Delta, are offering the following choice of film for westbound and southbound flights in North America at the end of October:

The Terminal

Seems in the same vein as Adrian Mole buying Disaster at 30,000 Feet for Pandora Braithwaite...

Error messages go in the *log*, not the *output*

Can't create a new thread (errno 35). If you are not out of available memory, you can consult the manual for a possible OS-dependent bug

A fairly fundamental rule of software, here: if you have a non-fatal error, you write it to the log. You don't present it to the end-user, particularly if you're providing a service. What do I care that you can't create a thread, particularly if you went on to render the whole page anyway?

According to Netcraft, sluggy.com runs Apache 1.3.31 on FreeBSD. Worth reading!

Thursday 9 September 2004

More MiniDisc

In all my frustration with SonicStage, I completely forgot about the other piece of software - MD Simple Burner. In reading the manual this morning, I discovered that this is the software which allows you to rip a CD and burn directly to MD. Why this requires a separate piece of software is best known to Sony.

In trying to solve the problem with getting CD information, I discovered that there's a newer version of SonicStage - 2.1 - than that offered by the support site. You get this one by going to http://www.connect.com/download.html. After installing it initially didn't work but I noticed it had added a bunch of RunOnce keys to self-register a number of DLLs. For modern Windows install packages, you should be using Windows Installer and should not be using self-registration - Windows Installer can't repair a self-registration. Anyway, I added myself to the Administrators group, rebooted, logged in, and tried to register for CDDB. This time, it worked. Registering MD Simple Burner worked too. The problem was probably just a DLL not registered correctly.

SonicStage still doesn't do anything particularly useful (it still works as a media player) as a limited user. MD Simple Burner works fine, but a little further investigation reveals that it's actually a service running under the LocalSystem account, with the Interactive flag set. Horrible black mark of the blackest possible black, darker than a black hole.

Digression: I don't mind having a service doing the work if it's truly impossible to do it any other way, but control should always be through an IPC mechanism, with the UI running under the user's normal logon session. We've discovered with Meteor that services marked Interactive only appear on the console, not through Terminal Services. Doing it the IPC way can, I anticipate, get you remote administration with little extra effort.

Wednesday 8 September 2004

New MiniDisc player

OK, after writing this entry, I thought some more about it, then eventually ordered a MZ-NH900 from unbeatable.co.uk. Not a bad turn-around, since I actually ordered it last Saturday night (and when I say night, I mean about 11pm) - it turned up today. I decided not to spend the extra £35 or so on the NH1 because it only has one extra feature (time-stamping recorded tracks) and worse battery life. This one's battery chemistry is NiMH again, though.

Impressions so far: there's a lot in the box - the player itself, a 1GB HMD1G disc, the power supply, charging cradle, an optical 'cable' for recording from optical digital sources, a USB cradle for use with the software, and the software itself, a remote and pair of crappy earphones. They haven't actually gone in the bin, but I took one look and plugged in my EX71s instead. Haven't tried the remote yet - it's compatible in the sense that the EX71s have a relatively short cable (about 50cm) with a standard inline 3.5mm 3-contact plug plus a really long extension cable with a right-angle plug, and the remote's headphone socket is also a 3.5mm 3-contact.

The player itself is a little plasticky, which is a bit disappointing - only the top cover is aluminium with plastic controls, the rest of the body is plastic. I was also disappointed with that on my Dell Axim x30 - it looks like it ought to be metal on the website, but no - it's all plastic (apart from the stylus, weirdly). The controls seem fairly solid, although volume and seek back/next are accomplished by tilting a central, well, joystick in the middle of the jog wheel in the four major compass directions. 'Clicking' the joystick is Play/Enter. I had to look that one up in the manual.

The menu and track selection (Navi) are a bit weird, but I suppose that's expected since it does cram a lot of features in. I think I'm getting the hang of 'next album' - press Group, then while the folder icon is flashing, move the jog dial or press Next. The USB socket cover is pretty flimsy and doesn't look like it'll keep much dust out - it's basically a hinged piece of white plastic with a catch on the end. USB is always via a cable - there's no USB connection through the cradle (another difference between this device and the NH1).

Sound quality is fine - on ATRAC-1 292kbps SP that I recorded with the old recorder, new material copied from 256kbps MP3, new material ripped to OpenMG ATRAC3plus 256kbps and material transcoded from high-rate VBR WMA.

Now to the software. Oh. My. God. It's. Awful.

We start by putting the CD in the drive. Because I'm a limited user, the first thing we see is this dialog:

Install Program As Other User

OK, bang in the Administrator password, hit OK, the installer starts, click Install. The main installer launches three or four separate subinstallers (black mark no.1). At the end of the subinstallers, we get a 'finished installing, restart now' dialog with no standard Windows controls, and only a Restart button in the corner. Black mark #2. However, they've not disabled Close in the system menu - right-click the taskbar button and choose Close, it doesn't reboot. However it's probably a good idea to reboot, so I do.

The system restarts and I log on, then I'm faced with a bunch of 'file not found' message boxes as a few programs in the Run registry key fail to run (black mark 3). Ah, I see it's added three icons to the desktop without asking (#4), and something to the system tray (#5). Right-click the tray icon (MD Simple Burner) and Exit. Nothing. Do it again. Nothing. This could have been to do with AVG scanning the disk at the time... After leaving it alone for a while, it spits out an error and goes away. I try starting SonicStage, and it bitches about not being able to open the device because another program has it open (#6). I apply a bit of intuition and decide to install the software using my own account elevated to Administrators. I add myself to the Administrators group and log off and back on. I uninstall MD Simple Burner and SonicStage, reinstall, restart, and this time MD Simple Burner works. I clear the 'run at logon' option and exit, because SonicStage is still bitching about not being able to open the device. Yes, the two pieces of software supplied with my device don't co-operate with each other (#7).

So I go into SonicStage and check for a working link. Yep, it works, let's try copying They Might Be Giants' The Spine and The Spine Surfs Alone EP, which I downloaded over the weekend. I go to Import Media. It claims to be processing for a while, then finished. Nothing appears in My Library. Switching to the other views (Music Source, Transfer) and back still shows nothing (#8). I quit and restart, and sure enough my music has appeared. The actual playback on this PC is via my stereo anyway, so I don't have a lot.

The downloaded files are in MP3 256kbps CBR format. Copies fairly quickly, we're OK. I pick up the device and try to eject the disc - oh, I can't, it's not actually finished writing (#9). I wait for it to finish. I try again. Nope, still locked - I have to press Stop and wait for 'Eject Disc OK' before ejecting.

It sounds pretty good, actually - very little noticeable transcoding loss. In fact, I can hear details I couldn't on the original MP3s because of the relative crapness of my sound chipsets (C-Media on-board audio, here and at work) compared to actual HiFi equipment. I decide to give it a challenge and select Joe Satriani's Chords Of Life (the 20kbps sample does it no justice), which I previously ripped to WMA for testing playback on the Axim. That doesn't come off too well - and then I notice that the indicator on the device shows 'Hi-LP', which is 64kbps. Yes, the transcoded MP3s were at 64kbps and I barely noticed. Yeesh.

So I try again at 256kbps and... it skips the 'converting' stage. I play it back again, it's still Hi-LP. Hang on, what just happened? Yes, just like Windows Media Player, it caches transcoded files. Unlike WMP, there's no global option to clear the transcoded files, you have to go to each track, select Properties from the context menu, File Info tab, select the OpenMG format file from the list, and hit Delete File:

Delete Transcoded File

Black mark #10. Having done this it now re-encodes the file; better, but still a bit distorted. Listening to the WMA reveals that the distortion crept in there - I rip from the CD straight to OpenMG. Now I see what all those 'Record a CD' options were about - they mean Rip a CD, not Burn one. Black mark #11 for using non-standard and confusing terminology. Let's hit CD Info to get the track information:

Register with CDDB

Funny, didn't need to do that for Media Player. I click Yes, I get the same prompt again, I click Yes again, nothing apparently happens, and I don't get any track data. We're up to 12 now. I don't know how it thought it was going to register, since it doesn't open any sockets according to Process Explorer.

Yes, the distortion's still there at the peaks. Checking the CD with my headphones reveals that the CD is probably over the limit [note: read this article, another example of how the labels are destroying music] - the source material has clipping in it, which causes all the codecs to throw a wobbly. Nuts.

Note that you can't rip directly to MD - you have to rip into the library, then transfer to the device. Black mark #13.

Well, I'm not going to end my experiment with reduced privileges just for the sake of this piece of recalcitrant software, so I remove myself from the Administrators group again, and log off and on. Starting SonicStage this time spits out this error:

You are logged on as a Limited account user. Some SonicStage functions are not available.

#14 right there, just for the message box. Let's see which functions work:

No Music Store!

No Net Music Store?? I have to be privileged to use a website?? Oh well, I can live without that (but #15).

No Transfer

Oh you have got to be joking. I can't transfer to my device as a limited user, even though you've made it accessible as a USB removable drive? #16.

No CD Info

Ah, that will be the psychic transport for the retrieval of CD info again. I also see that Tools/Options is unavailable - #17.

Reading the Readme also says "Do not use SonicStage while logged on to a domain user account under Windows 2000 Professional, Windows XP Professional or Windows XP Home Edition." That last one would be a trick - XP Home doesn't support domains. I guess I won't be using it at work, then!

I could go on, but this post is long enough already. I sympathise with the Channel 9 reader who asked for NetMD device support in Windows Media Player - but it ain't gonna happen, Sony just won't reveal that information, and I don't think Microsoft have the energy or inclination to support what's really quite a small user population.

These bugs and misfeatures prevent this application from really being the tool it should be - a way to get source media onto the MiniDisc. Instead they've built yet another incompatible player.

Monday 6 September 2004

It makes me so *mad*!

Roadworks. We all hate 'em, but we know they're a necessary evil - if you want your water, gas, electricity, phones (internet) to keep working, your roads not to get completely undriveable, and bridges not to collapse on the roads, you need a certain amount of maintenance.

Recently, though, I've been seeing a problem with - er - pavementworks being signed as if they're roadworks; that is, work being carried out on the pavement (sidewalk) is marked up with 'roadworks' and 'road narrows' signs.

Except that the road doesn't narrow. Often I've seen it marked up where pedestrians - even wheelchair users - can get past the roadworks without having the leave the pavement. This is annoying because for a moment it distracts you, as a driver - where's the hazard I have to look out for? Is it round the next corner? Hang on, I can see triangular signs facing the other way on the other side of the road, it must be between here and there somewhere... oh there it is, right out of the way, not a hazard at all.

I've also been seeing something disturbing, though. In, I presume, an effort not to block the pavement with the (unnecessary) signs, the signs are being placed with one leg on the pavement, one on the roadway. This effectively reduces the width of the carriageway, requiring more care.

Finally, this morning, on my way out of Charvil to Twyford to pick Ian up, I found the roadsigns right in the middle of the carriageway, requiring that I drive on the wrong side of the road - the irony being that the sign in the middle of the left-hand carriageway is warning about the road narrowing on the right. Well, yes it does now narrow on the right - because you put a bloody sign in the middle of the road!! Sadly, there was no sign warning me of the road narrowing on the left due to the sign in the middle of the bloody road! This went beyond annoying, it was downright dangerous.

This site is prone to traffic jams anyway - the one this morning hadn't tailed back that far, but it was far enough that after picking Ian up I turned round and headed back down the same bloody road to get back to the A4.

When I came back this evening the signs had reoccupied their usual station half-on, half-off the carriageway. They're still completely pointless.

Saturday 4 September 2004

Lock down your WLAN

SecurityFocus reports (syndicated in The Register) on a man prosecuted for 'war spamming' - driving past buildings, connecting to unprotected wireless networks in order to launder his spam messages.

You should protect your WLAN as strongly as you can. Failing to do so is like putting a network port on the outside of your building with a flashing neon sign pointing to it saying 'Free Internet Here!' or 'Please Attack!'.

There are several steps you can take. First, change your service-set ID (SSID) from the default. The SSID identifies your network. You can also stop the access points from broadcasting the SSID - an attacker would then have to guess it in order to connect - at the cost of having to type it in to all your devices.

Secondly, encrypt your traffic. Pick the strongest method your hardware supports:

  • Wireless Protected Access (WPA) using certificates. Impractical unless you've already got a public-key infrastructure, so this is really restricted to corporates
  • Wireless Protected Access with Pre-Shared Key. The strength of the encryption depends on the length of the key, but you might find some disagreement on how long it can be. My router thinks the maximum is 63 characters but Windows thinks 64.
  • Wired Equivalent Privacy (WEP) using 128-bit key.

WEP using a 40-bit key is basically useless - WEP is known to have holes and a 40-bit key can be broken quite quickly.

If you have Windows XP SP2, try the Wireless Network Setup Wizard in Control Panel. You'll probably have to type (or paste) the keys into the access point configuration, though.

That's pretty good protection, but if you want to go further, some access points also offer access-control; only devices with particular hardware MAC addresses - essentially the network card's identity - will be allowed to connect. However, some cards allow the MAC address to be overridden in software, so this protection could be defeated. The attacker doesn't know what might be a valid MAC, though, so he'll have to try lots of possibilities.

Finally you may want to change the router's password to stop someone changing the configuration. This is actually quite low priority, IMO, because the attacker must already have connected.

My feeling is that routers shouldn't work out-of-the-box with WiFi enabled, or if they do, that each router manufactured has a different default SSID and has WPA enabled with a different default key. The router would be supplied with a label and a USB key-drive containing the settings. On-by-default is just too insecure.

Thursday 2 September 2004

More sponsored words mishaps

I thought I'd take a look on the MSN Music beta site, see what it's like. It's pretty clean, actually - normally MSN sites are chock full of ads. It just has a small Sponsored Sites section over on the right-hand side. I decided to search for "presidents", for which the top hit is Weird Al Yankovic's "Gump" (a parody of PUSA's "Lump") - and got this ad:

Farting Bush doll

Ooookkaaay...