Am I wrong for wanting to see Star Trek as soon as possible? The trailers and the interviews have been encouraging, the new Enterprise is plain cool, I like the idea of Simon Pegg as Scotty and Sylar as Spock and then I think about it and realise that, from the information I know…
- It’s time travel, again
- The gimmick this time is that it’s destroying the entire Star Trek universe as we know it, except for Enterprise. I repeat: Enterprise is apparently valid continuity for the new Trek movie. If you’re going to retcon out a series, why couldn’t it be that one?
- And this means that retcons Picard out of the universe as well.
- And DS9 too, and even the first few series of Voyager.
- It’s written by the people who ruined Transformers (excepting Michael Bay).
- It’s at least partially a variant on the age-old ‘Starfleet Academy’ idea, which was repeatedly rejected during the Berman era as a lame idea.
- And how can the tech difference…
…and so on, goes the reasoning side of my mind. But the geek side just goes “new Star Trek, cool spaceship, MUST SEE.” It feels wrong, somehow, but I’ll still go – eager in the hope it won’t suck as much as it sounds. And when I find out, I’ll get back to you…
Things I’ve enjoyed, or found interesting, recently:
- The Wrestler is really, really good. Possibly more truth in it than in almost all documentaries about the actual wrestling scene, although Jon Ronson had a good go in his Guardian piece about the aftermath of Chris Benoit’s killing spree. Really a must see.
- The Springsteen album (featuring the excellent and appropriate credits song from the above as a bonus track) is also pretty enjoyable. Excellent graphics for the DVD version, too; shame about getting the discs out.
- I like the Franz Ferdinand album, and the end of Lucid Dreams is a gloriously unexpected moment that should not be spoiled by anyone. The dub album is also an interesting bonus.
- Spotify is awesome, even after they took down a lot of the indie-label material; nothing much in my field of interest, thankfully. Nice that they gave us an OS X version too.
- I have a Mac laptop running Leopard and a desktop dual-booting Windows 7 beta and various Linux distros-of-the-month. Soon I will also have a media centre box running 7 MCE and XBMC/Windows, when the parts come in. My email is shared over IMAP, so all I need is for my documents directory to be the same between the two. Unison is somewhat broken for synchronising between the two and pretty much isn’t developed any more… so what I find is Windows Live Sync, which has both Windows and OS X versions and quietly syncs my machines’ documents directories on the fly. Transparently. For a Microsoft product, it really does do the job it’s intended to really quite well…
- My software development day job is developing back-end software (Linux, C++) to get data from format A to format B in the cleanest and least visible way possible, but occasionally I do get the opportunity to develop front-end utilities. Which I write in Python for command-line stuff whenever I can, tcsh when it’s extremely simple, C++ when I can’t and C++/Qt for GUI stuff. I’ve seen enough bad GTK code (not just in our codebase) to know what I like, and Qt is it. Python is even more it, but a lot of our code needs every bit of CPU it can get so heavily threaded C++ it is…
- And since I’ve just put forward my position on GTK/Qt: vi over emacs, Python over perl, tcsh over bash, Firefox over any other web browser, fluxbox over KDE/GNOME, and painful death over PHP.
More soon.
So I’ve just flicked across onto MTV R and, as usual for an MTV channel, it’s running adverts. The one that got my attention was an ad for the spreadable margarine Flora Buttery fronted by Gary Rhodes, who must really need the money – at least Jamie Oliver and that berk doing the Aldi ads are fronting for decentish food products, not hydrogenated vegetable fats.
The main trick it does is the good old Pepsi Challenge format – Flora Buttery versus Lurpak Lighter Spreadable (not named in the voiceover but printed in an ultra-light Helvetica along the bottom) on crumpets. Lurpak Lighter Spreadable is, of course, the tasteless version. The ad then tries to make it look like most people preferred Flora Buttery in their taste test.
However, the best bit of the ad is where along the bottom of the screen (this must be an Ofcom mandate or something) it prints the true results:
Out of 200 people tested. 48% preferred Flora Buttery Taste, 45% Lurpak Lighter Spreadable, 7% had no preferences.
In other words, 96 people liked Flora Buttery better than Lurpak, but 90 people liked Lurpak better than Flora Buttery while 14 people couldn’t give a damn. Not only is the difference within the margin of error but it shows that in their own taste test, a very large number of people preferred the other brand anyway, and more people either did that or didn’t care than gave some preference, no matter how small, for Flora’s own product.
I believe the phrase is ‘epic fail’.
I’ve run a FreeBSD server in my home for six years now. I love the capabilities home servers give you over your bog-standard wireless router – mine, for example, downloads all my POP3 email from various sources, runs it through a Bayesian-enhanced SpamAssassin and filters it through into various IMAP folders (on my boxes, usually Thunderbird or, on the laptop, Mail.app). But you’ve got to be very careful with this, and apart from a front-facing Postfix for email directed at my dynamic DNS domain I have had no regularly open ports. What if I want to access my email from work, for instance?
For this, I’d like to use SSH forwarding; putting the IMAP port through to a local port on the machine I’m using, with the actual data transferred securely over the Internet and where no-one can listen in, even if I’m on some crappy open wireless somewhere. SSH is configured to only accept public key authentication, and to refuse all password access – if you try connecting from a normal SSH client without a relevant key, you get dumped back to your command line with my snidely worded banner, and a “No password access” message. The only public key is in my possession and, of course, is passworded.
Despite this, having open SSH attracts scumbags like paparazzi to Amy Winehouse and the system I use for my firewall (a 733MHz Pentium-III with 256MB RAM) simply can’t cope with thousands of individual connections doing ineffectual dictionary attacks on usernames over Virgin’s 20Mbit connection; it locks up with a massive load average somewhere in the “c”’s. As an added bonus, this of course eats my “unlimited” download cap during that particular point of the day.
How, therefore, can I balance my security with my convenience? The answer is the same thing I use to do my NAT forwarding, the pf packet filtering firewall.
pf originated with OpenBSD, and was introduced into FreeBSD somewhere around 5.3: I switched from FreeBSD’s own ipfw2 when I upgraded from 4.x to 6.x. As a bonus, pf allows dynamic lists to be built up of IPs that trigger specific rules, allowing for dynamic blocking of SSH offenders.
After my initial “block in” rule in my pf.conf, I define a table:
block in
table <abusive_hosts> persist
block quick from <abusive_hosts>
This defines a list of abusive hosts, traffic from which is blocked without any further discussion (with pf, applicable rules lower down the list take precedence over rules further up unless ‘quick’ is provided, which cuts off further parsing.) You can manually add to this table like so:
pfctl -t abusive_hosts -Tadd <IP address>
Or, more interestingly, you can add to it programmatically. After my catch-all NAT rules, I make a rule to allow access to the local SSH port – with a catch.
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 6/30, overload <abusive_hosts> flush global)
This allows up to ten simultaneous connections to the SSH port from any one source address, or up to six new connections from it within thirty seconds. flush kills the states for previously OK connections when it over-runs; global kills all connections from the IP. And the overload rule causes all those things which fail the rule to be pushed into the abusive_hosts table, meaning anything that’s bad and repeatedly connects to my SSH port ends up going straight to null.
And this works, too. Using the pfctl command, you can view the contents of the table. I’ll pass it first through awk to remove the spacing, aiding with xargs for further piping, and then through “wc -l” to get the line count:
orpheus# pfctl -t abusive_hosts -Tshow | awk '{print $1}' | wc -l
22
Removing ‘| wc -l’ gets you a list of IPs, and putting ‘xargs -n 1 host’ there instead gets you a list of the hostnames associated with each of the IPs which can give you an interesting picture: at least a couple of them right now are IPs on American cable modems who are almost certainly compromised home users.
That’s twenty-two abusive hosts who’ve met my SSH blackhole since I last rebooted my machine, who would otherwise have been a problem: pfctl -sr -v (which is sent to you in your nightly root emails) tells me that right now I’ve blocked 5.3MB of unwanted traffic from these hosts since I last rebooted 18 days ago, and I’m sure I’d have got much more if they hadn’t started getting nothing but silence from my machines since the point of blocking.
I’ve found this immeasurably useful for increasing my box’s uptime and overall reliability, which helps prove that a PIII type machine is still good enough for quite a lot of things. And if you click the link to read further, I’ve posted my complete (and only slightly altered) pf.conf for anyone’s interest.
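Before putting a threshold like max-src-conn-rate 6/30 on a port you also use yourself, it helps to replay past connection attempts and see which sources would be pushed into the table. This is an added example, not part of the original post or its pf.conf: it models only the rate limit as a simplified sliding window (not pf's internal accounting, and max-src-conn is not modelled). The names would_overload and sample_connections, the "epoch source-ip" input format and the sample data are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): list the sources that would be
# overloaded into <abusive_hosts> by a limit shaped like "max-src-conn-rate 6/30".
# Assumed input: "<epoch-seconds> <source-ip>" per attempt, sorted by time.

# Usage: would_overload LIMIT SECONDS < attempts
would_overload() {
    awk -v limit="$1" -v window="$2" '
    {
        t = $1; ip = $2
        n = ++count[ip]                 # attempts seen so far from this source
        stamp[ip, n] = t
        if (!(ip in head)) head[ip] = 1
        # forget attempts that have aged out of the window ending at t
        while (t - stamp[ip, head[ip]] >= window) {
            delete stamp[ip, head[ip]]
            head[ip]++
        }
        # more than LIMIT attempts still in the window trips the rule; report once
        if (n - head[ip] + 1 > limit && !(ip in tripped)) {
            tripped[ip] = t
            print ip, t
        }
    }'
}

# Constructed sample: a dictionary attacker, an interactive user, and the
# owner's own batch job opening seven connections in a few seconds.
sample_connections() {
    cat <<'EOF'
1000 203.0.113.7
1001 198.51.100.20
1002 203.0.113.7
1004 203.0.113.7
1006 203.0.113.7
1008 203.0.113.7
1010 203.0.113.7
1012 203.0.113.7
1300 198.51.100.20
2000 192.0.2.44
2001 192.0.2.44
2002 192.0.2.44
2003 192.0.2.44
2004 192.0.2.44
2005 192.0.2.44
2006 192.0.2.44
EOF
}

sample_connections | would_overload 6 30
```

Each output line is a source address and the time of the attempt that tripped the limit. The batch job at 192.0.2.44 trips it as well as the attacker, which is the case to check before enabling overload with flush global on a port you rely on.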
I mean, it was already remade quite recently, and successfully; the only reason the BBC possibly thinks this is a good idea is that they don’t know about it. See, the people who remade it changed the title. To 28 Days Later.
28 Days Later is effectively Triffids with fast zombies instead of plants – from eye operation, to deserted London, right down to the villainous military guys. And because it’s really a very good movie, and since the 70s Triffids adaptation (minus good-enough-at-the-time plant SFX) is really very well done, why remake? Because of 28 Days nicking all the best imagery that hadn’t already been taken by the 70s adaptation, you’ll just be repeating the idea rather than providing anything new.
Still, I don’t know exactly what they’re thinking, so I hope that in the future this doubt will sound like someone complaining about the rumours about the new Doctor Who or Battlestar Galactica before we actually got to see them. That’s my hope, anyway.
It’s BSD licensed. It seems to be fairly fast. It imported my current Firefox 3.0 profile without a hitch. The tabs support middle-click close and are very fast to do so. It even fits into Vista’s Glass style properly, which the screenshots previously shown didn’t make obvious:
In fact, I’ve already run into an annoying issue with it – if you delete all the text from the WordPress text field, it deselects the field – but it’s not exactly lethal.
Chrome’s multiprocessing isn’t a joke either. Right now, I have seven tabs open – with nine processes showing in Task Manager. Close one and it goes down to eight. Total memory usage appears to be about 150% that of Firefox, but process size appears to depend on how complex the page is – a new Firefox 3.0 on my desktop machine with the same tabs open as Chrome uses 63MB while Chrome uses a total of 98MB, with some of the page process sizes being as low as 1MB and the biggest appearing to be the main application (36MB). HQ Youtube videos play absolutely fine in the background. It doesn’t experience the same slowdown as Firefox when opening multiple pages at the same time either and trying to work with another. It’s a very competent beta.
It even has a rather nice object inspection window that reminds me of Firebug:
This includes a time/size graphing facility too, and you can edit those CSS properties in-line. They have been thorough.
Remember when Safari came out for the Mac and was a step ahead of almost everything else? Chrome is like that for Windows and it’ll be like that for any platform it comes out on. It’s quick, slim-looking and uses animation sparingly and well. It’s obviously had a whole lot of thought put into it and, being open source, it should hopefully have so much more.
(Poking around in its install directory – incredibly, it installs direct to your local profile on Vista, which is probably a violation of something – reveals a “Themes” directory with a single .dll in it, a “Resources” directory with the JavaScript-based inspector in it, Google Gears as a .dll plugin and an updater. No doubt there’s more goodies deep in there.)
But in short, what it needs is Adblock Plus (or equivalent) and a Mac version for my laptop and it’ll be my main browser. Come on, Google, do your best.
When China’s design for the opening ceremony comes straight from the same chauvinist impulse that brought us Paris Hilton, Zoo and Nuts, My Super Sweet 16 and The Swan:
A pretty girl who won national fame after singing at the opening ceremony of the Olympic Games was only miming.
[...]
But the singer was Yang Peiyi, who was not allowed to appear because she is not as “flawless” as nine-year-old Lin.
The show’s musical director said Lin was used because it was in the best interests of the country.
– BBC News, “China Olympic ceremony star mimed” (12th August 2008)
Now, if this had happened at an opening ceremony in a less authoritarian country, they’d have said “the best interests of the Games”, but it would otherwise have been an identical reaction. We can’t have anything imperfect, after all; bad for the sponsors. Could be embarrassing.
Wouldn’t it have been so much better if it was imperfect? That’s what we should have for 2012; we shouldn’t try to do an outrageously expensive media spectacle that’s likely to go wrong and fall flat, we should do something from the heart that if it goes wrong it just seems more endearing. The Eddie the Eagle of opening ceremonies, rather than the Terminal 5.
Why not, anyway? It would be better than telling a nine year-old that she can’t sing for the country because she’s apparently got crooked teeth, and that she’ll have to go without the credit for her own skill while the front gets all the headlines. It is a disgusting attitude, isn’t it?
Russia has invaded Georgia and is apparently bombing civilian targets. It’s like the old Russia never left. In the meantime, CNN is showing Wolf Blitzer moaning repetitively about John Edwards shagging a campaign employee in 2006 for a short period of time. How meaningful.
I’m back, by the way. I’ve had a bunch of failed drafts over the last few months, but that should soon be over. So more blogging coming soon…

