InsanityWorks

Planet Rock - Last.fm scrobbler

2010-07-06T17:31:00.002+01:00

Okay, so I brought a cheap DAB radio last week and have started listening to Planet Rock, sorry BBC 6Music, but I am sucker for classic rock!

Anyhow I have now created a small windows application to allow me to update my last.fm account when I am listening to the radio station.

You can find it here http://www.insanityworks.co.uk/prscrobbler/

This blog has moved

2010-03-04T15:14:00.001Z

This blog is now located at http://insanity-works.blogspot.com/.
You will be automatically redirected in 30 seconds, or you may click here.

For feed subscribers, please update your feed subscriptions to
http://insanity-works.blogspot.com/atom.xml.

TwonkyScrobbler Source now available

2009-08-09T09:18:00.001+01:00

The source files (Microsoft Visual Studio 2005 project) for Twonkyscrobbler 1.0.3 are now available as stated the project is based on the Kexp Radio Scrobbler by Markus Palme (http://www.codeplex.com/kexpscrobbler/)

Source available at http://www.insanityworks.co.uk/twonkyscrobbler/index.htm

Direct link to zip archive

Twonkyscrobbler isn't dead

2009-08-07T11:08:00.002+01:00

I haven't done any development on Twonkyscrobbler for a while now mainly because I haven't update my server. I have had a number of requests for the source and will be putting it up on the site in the next few days.

My apologies to those who requested it via email but for some bizarre reason they got put into a spam folder and got lost amongst the hundreds of offers of cheap Viagra, penile enhancement and requests from my bank (some of which I had no idea I had an account with) to confirm my security details!

I may be doing some further development on Twonkyscrobbler in the near future, hopefully to support the latest version of the server and media manager. I may also be incorporating some other functionality including some twitter options, inspired by warbler and will be using the open source twitterizer library.

Surely the BBC broke the law?

2009-03-13T09:05:00.003Z

Tomorrow the BBC technology program 'Click' will demonstrate how botnets are used to send spam and attack web sites. Botnets are networks of compromised PCs running malware that can be controlled to undertake distributed computing tasks usual for nefarious activities.

What has caused concern is the fact the BBC bought its own botnet to do the job. The murky backwaters of the internet is full of sites and chat rooms where hackers and criminals are happy to sell their wares - apparently.

The BBC took control of almost 22,000 computers to create up Click's network of hijacked machines, which has now been disabled. Which they used to launch a Distributed Denial of Service (DDoS) attack and to generate spam.

However as a number of experts have pointed out, they have broken the law in doing so. From The Telegraph

Security expert Graham Cluley from Sophos, a UK-based antivirus company, pointed out on his blog that: "The Computer Misuse Act makes it an offence in the United Kingdom to access another person's computer, or alter data on their computer, without the owner's permission." He says:

Sure, a TV report like this can raise awareness of the serious problem of computers being controlled by hackers. But is it appropriate for a broadcaster to use innocent people's computers without their permission for the purposes of their experiment?

Struan Roberrtson, a technology lawyer with Pinsent Masons confirmed that the BBC "appears to have broken the Computer Misuse Act," adding: "It does not matter that the emails were sent to the BBC's own accounts and criminal intent is not necessary to establish an offence of unauthorised access to a computer."

The maximum penalty for the offence is two years' imprisonment, but Roberrtson does not expect a prosecution "because the BBC's actions probably caused no harm. On the contrary, it probably did prompt many people to improve their security," he said.

The BBC responded that there was

"a powerful public interest in demonstrating the ease with which such malware can be obtained and used," and that it would enccourage people to defend their PCs from such attacks. Also: "The BBC has strict editorial guidelines for this type of investigation, which were followed to the letter."

That makes it ok then!

EFF Surveillance Self-Defence Website

2009-03-06T11:22:00.004Z

Spotted this "Civil liberties hero of the week" today on the Liberty Central section of the Guardian website.

It is the Electronic Frontier Foundation (EFF) for its Surveillance Self-Defence website, which aims to educate the public about "the law and technology of government surveillance ... [as well as] providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it."

The Guardian point out that "Although much of the legal advice is only applicable to American readers – fingers crossed EFF Europe produces EU-wide and British versions soon – the details on what information is stored about you by third parties, such as your ISP and telephone providers, is relevant to British citizens.

The practical technical advice will be an essential read for investigative journalists, who have expressed concern that the Regulation of Investigatory Powers Act 2000 and the communications traffic superdatabase could impede their ability to protect sources. It details how to securely delete your files or how to use encryption to protect private communications, including emails and instant messages."

Very useful indeed

TwonkyScrobbler V1.0.3

2009-01-06T15:07:00.001Z

Forgot to post that I have now released V1.0.3 of the TwonkyScrobbler, this releases fixes issues with 'special' characters and literal strings in the RSS feeds.

TwonkyScrobbler V1.0.1

2008-11-11T10:24:00.002Z

I have released an update to the TwonkyScrobbler. A user on the Twonkyvision forum highlighted a problem when using it with an older version of the server.

TwonkyScrobbler was developed and tested using the latest TwonkyMedia version 4.4.9. The RSS feed facility was introduced in version 4.1 and I had made the incorrect assumption that the RSS feed format had remained unchanged.

In Version 4.4.9 I observed the items in the RSS feed have the following format


<item>
<title>Gemini</title>
<link>http://192.168.0.20:9000/disk/O1$11$207905894$2623831632.mp3</link>
<description>Eye In The Sky</description>
<author>Alan Parsons Project, The</author>
<enclosure url=http://192.168.0.20:9000/disk/O1$11$207905894$2623831632.mp3 type="audio/mpeg" />
<pubDate>Mon, 01 Jan 1981 01:00:00 GMT</pubDate>
<moddatetime>Thu, 20 Apr 2006 20:38:10 GMT</moddatetime>
<playeddatetime>Sat, 08 Nov 2008 07:44:01 GMT</playeddatetime>
<class>object.item</class>
<genre>Rock</genre>
<playcount>1</playcount>
<tracknumber>32148</tracknumber>
<duration>131000</duration>
<bitrate>192</bitrate>
<frequency>44100</frequency>
<audiochannels>2</audiochannels>
</item>

The scrobbler was using the element <playeddatetime> to determine if the song was a new one, storing the value in the program configuration file.

Following the bug report I installed a much older version (4.2.1) on another PC and discovered that items in the RSS feed have much less information.


<item>
<title>Old Ghosts</title>
<link>http://192.168.0.21:9000/disk/O1$11$134217730$2550136852.mp3</link>
<description>Stormwatch</description>
<author>Jethro Tull</author>
<enclosure url="http://192.168.0.21:9000/disk/O1$11$134217730$2550136852.mp3" type="audio/mpeg" />
<pubDate>Mon, 28 Apr 2008 12:59:26 GMT</pubDate>
</item>

This obviously created a problem because the required information is missing, the <pubDate> element isn’t related to the time the song was played.

To attempt to remedy this problem I have modified the scrobbler so it attempts to find the element, however if it is missing the other information title,description and author (i.e. title, album and artist) is compared to the last scrobbled track and any difference is assumed to signal a new track and the new track is scrobbled using the current time as the played time.

Twonkyvision had made reference to this fact in the RevisionHistory.txt file

What's new in Version 4.4.3.1
------------------------------

+ DivX and WMV support for PS3 (4.4.3.1)
+ AAC support for PS3!
+ Time information for pictures on PS3
+ added Album Artist and Album Art for OGG and FLAC
+ added rss feed support for all content types. Start with http://127.0.0.1:9000/rss/feed
+ enhanced generated rss XML feed by more properties

Updating from V1.0 will require a new configuration/state file with the extra data.

TwonkyMedia Scrobbler V1.0 Released!

2008-11-06T07:43:00.002Z

Tested it again last night with no problems.

So have released it to the world - have even done some documentation

http://www.insanityworks.co.uk/twonkyscrobbler/index.htm

Scrobbler nearly there!

2008-11-05T15:57:00.001Z

Well the scrobbler is nearly there, done some fiddling with it's look!

Twonkymedia last.fm scrobbler

2008-11-04T17:37:00.003Z

Well I haven't posted anything for a while, but today I finally completed the first stage of a programming project I hinted back in February.

It is a scrobbler for the last.fm service that sits and monitors the TwonkyMedia uPnP server and sents information of tracks it is servicing!

The TwonkyVision people added an RSS service (think it was on version 4 and primarily to support non-upnp devices such as the SonyPSP) This is available at http://localhost:9000/rss (that link won't work unless you are reading this on a computer running the server!)
By drilling down from this page it is possible to reach a 'last played' rss feed.

It is buggy, the feed isn't updated correctly, but appears the last entry in the rss feed is always the last audio file served up. My scrobbler which is based on the KexpScrobbler by Markus Palme reads this file and extracts the appropriate information from the last entry and scrobbles the data.

I have to do a bit more testing but looks like it works, and I will be releasing it on my website soon!

The Programmer's Bill of Rights

2008-09-07T16:20:00.002+01:00

Having started my new job the first thing I did was sort out my work station arrangements. I had inherited a pretty decent P4 Dell PC, not bleeding edge but certainly fast enough. But it had only a single 19" TFT, so on my first day I cheekily requested a second screen and to their credit they said yes! This was a set up I adopted at my last employer and had found it such a boost to productivity (I am not sure they thought so, but that is another story!)

Browsing around the web today (it is raining, thundering etc outside) and I found this entry, posted a few years ago on the Coding Horror Blog, it is a non-serious bill or rights for programmers - multiple screens, fast computers, choice of keyboard and mice, comfy chair and quiet environment. Pity I didn't find it when I was in my last job! :-)

The Last Hope Talks

2008-08-27T23:22:00.004+01:00

I have spent the last few days listening to some of the presentations and talks given at the Hacker On Planet Earth conference (HOPE) This year's event was probably going to be the last due to plans to demolish the venue in New York, hence the event tag "The Last HOPE" however it seems those plans may have changed.

The speakers are wide ranging, with interesting and thought provoking topics.

Some highlights are the talks by Kevin Mitnick, a 3 hour marathon talk by Steven Rambam about privacy and the lack of it and the ominous threats posed by new technologies such as Google, the iPhone and social networking sites, well worth a listen. Also Renderman's presentation "How Do I Pwn Thee? Let Me Count The Ways" highlights the security dangers of mobile technology.

Of special interest to me was Travis Goodspeed's "Introduction to MCU Firmware Analysis and Modification with MSP430static" the slides and information are available from Travis' website. In this talk Travis gives a wonderful account of the basic principals of reverse engineering.

All the talks are available here for free download in low and high quality versions.

SamKnows releases first broadband preformance report

2008-08-02T13:25:00.003+01:00

I posted back in May about ISP watchers SamKnows.com who launched a bid to discover the truth about the state of UK broadband by recruiting volunteers to install a monitoring device on their network, to collect performance data (the geographical distribution is shown above).

They have now released their first report, a 40 page pdf which can be downloaded here.

On page 2 of the report is the main summary

In the majority of metrics there was little discernable difference between most
ISPs;

Zen Internet offered the fewest failures across all metrics;
Virgin Media’s cable services and Be/O2’s services provided a consistently low latency throughout, whilst Virgin.Net (Virgin’s ADSL service) performed poorly.
BT provided the fastest throughput when measured as a percentage of implied line speed (an estimate of the potential maximum speed of the line)
Be/O2 and Virgin Media produced the greatest raw throughput (in megabits per second), which can likely be attributed to the nature of their products.
Virgin Media’s cable throughput remained consistent on their 2, 4 and 10Mbps products, but was quite variable on their 20Mbps product.
Testing highlighted the use of traffic shaping in the networks of BT and PlusNet, which resulted in certain classes of traffic slowing significantly during peak hours.

Being on the Virginmedia XL (20 Mbps package) I can confirm their results are pretty much what I have experienced.

Hackers attack DNS exploit, ISPs failing to update servers

2008-07-31T19:43:00.004+01:00

theregister.co.uk are reporting that many ISPs have still not acted up on the now infamous DNS security flaw and miscreants are actively exploiting the gaping hole in the internet's address lookup system that can cause millions of web surfers to receive counterfeit pages when they try to access online banking services and other types of websites.

many laggard internet service providers reported to be dragging their feet in applying patches that fix the devastating DNS flaw. Dan Kaminsky says more ISPs appear to be getting the message. Last week, about 51 per cent of unique name servers tested on his site (see the "check my DNS" button to the right) showed up as vulnerable. Now, he says it's closer to 35 percent.

Test your own ISP here.

If it still fails then you can always update your settings to use OpenDNS

dynamicDemand

2008-07-24T08:30:00.003+01:00

Discovered this brilliant website which has a meter which attempts to monitor the power balance of the UK electricity grid. If the needle is too far to the left, it means more generation is needed to meet demand.

The meter actually shows the grid's "frequency", which is related to the speed of rotation of generators all over the country. When there is too little power available, the whole grid "slows down" and the needle moves to the left.

Now resisting the temptation of running around the house turning appliances on/off in an attempt to affect the meter!

Citizen Engineer

2008-07-23T16:38:00.002+01:00

Citizen Engineer is a new online video series about open source hardware, electronics, art and hacking by Limor (Ladyada) Fried of Adafruit Industries & Phillip (pt) Torrone of MAKE magazine.

From hackszine.com

Quite an interesting video, some oddity with the sound mixing but an enjoyable 30 minutes

xkcd.com - Security Holes

2008-05-18T23:02:00.002+01:00

Follow on from my last post the wonderful xkcd.com has a humorous take on the whole matter

Debian/Ubuntu: Serious OpenSSL/SSH vulnerability

2008-05-16T06:55:00.004+01:00

Back in September 2006 a line of code was removed from the Debian distributed OpenSSL package. The reason? That one line of code was responsible for causing an uninitialized data warning in Valgrind, the linux based programming tool used for memory debugging, memory leak detection, and profiling, by removing it the error went away!

Unfortunately that one line of code also seeded the random number generator used by OpenSSL, so as a result the keyspace used by affected systems went from 2^1024 to about 2^15.

Secure Sockets Layer (SSL), and the newer Transport Layer Security (TLS) are the cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, instant messaging and other data transfers. There are slight differences between SSL and TLS, but they are essentially the same.

The problem is when creating a encryption key with the affected version of OpenSSH, there are only 32,767 possible outcomes for a given architecture, key size, and key type (as opposed to the intended 1.79769 × 10³⁰⁸), leaving it wide open to attack.

A large majority of Debian and Ubuntu systems are affected. To correct the problem, users need to not only update OpenSSL, but also revoke and replace any cryptographic keys and certificates that were generated on the affected systems. From the Debian security advisory:

Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections. Keys generated with GnuPG or GNUTLS are not affected, though.

For most people this affects the SSH server's host key and any public key pairs used for remote SSH authentication. However it is a more of a headache for people with web servers as any keys or certificates generated on the affected machines for SSL/Https use also need to be revoked and regenerated.

There is a lot to think about here. I have worked with many software developers and have noticed that many have this natural tendency to want to fix and re engineer things that aren't even broken. (I am guilty of it myself)

This stems from an engineer's weird desire to make sense of thing, by taking something apart and putting it back together is a common way to increases familiarity and understanding of the machine, engine or indeed the code they are working on. But it hard to restrict the tendency is to try and make 'improvements'.

More discussion of the problem here
Debian OpenSSL Predictable PRNG Toys

Security flaw turns Gmail into spam open-relay server

2008-05-13T10:10:00.004+01:00

A recently-discovered flaw in Google's very popular email service is capable of turning Gmail into an effective spam machine. According to the Information Security Research Team (INSERT) the flaw allows a spammer to send thousands of bulk e-mails through Google's servers without fear of detection. This attack bypasses both Google's identity fraud protection mechanisms and the current 500-address limit on bulk e-mail.

The worry is not just that the flaw allows spammers to send a potentially unlimited number of messages, it is also the trustworthiness given Gmail by other e-mail providers could exacerbate any potential spam attack.

Spam currently accounts for 95 percent of all e-mail traffic and many e-mail providers have adopted whitelists and blacklists as a first line of defence against the flood. An e-mail from a known spamming domain (or the corresponding IP address block) may be automatically blocked by any given e-mail service, while an e-mail from a trusted, authenticated source such as Gmail is automatically allowed through the gateway.

Most e-mail providers use multi-level filtering services, which might detect that the forged Gmail message is spam, but the message will have cleared a substantial hurdle that would have otherwise stopped it. Messages originating from Google, it seems are well-regarded by both Yahoo and Hotmail. The INSERT team tested the degree of trust between the three major e-mail providers by sending spam messages to Yahoo and Hotmail using two sources. In the first test, messages were sent from personal systems whose IP addresses had been blacklisted by Yahoo and Hotmail. The second test consisted of sending the exact same message via the Gmail flaw that INSERT discovered.

The difference was significant. E-mail sent to Yahoo and Hotmail from a blacklisted IP didn't even necessarily reach the account's spam box, while forged e-mail sent via Gmail always arrived. That is not to say that trusted-source filtering is bad, but it demonstrate how a security flaw in a single product or service can ripple through an ecosystem.

It is being reported the flaw is still present at the time of this post.

(credit to the Arstechnica report)

Radio Paradise Scrobbler

2008-05-08T21:17:00.002+01:00

Radio Paradise is one of my favourite Internet radio stations, whether I am listening to it via my PC or via my Logik IR100 Reciva based Internet radio.

Radio Paradise is a popular and pioneering Internet radio station that defines itself as "eclectic online rock radio". The channel differs from most FM channels and other Internet stations in that the music played is not limited to any specific genre but instead represents great variety, much like my own listening tastes. Radio Paradise mostly plays different styles of pop and rock music, but occasionally also everything from jazz to classical to electronic music and world music.

I also am an avid fan of last.fm the music community website and have been scrobbling my listening habits for 4 years now. The problem with listening to Internet radio is that media players plugins won't scrobbled the track information, even if it is supplied in the stream, enter build.last.fm which I posted about a while ago, this is a site where developers can post utilities and applications that utilise the last.fm API.

One of these applications is a Radio Paradise Scrobbler which makes use of the extensive playlist information readily available on the Radio Paradise website to add to your listening data. It works pretty well, the only criticism is that it doesn't actually know if you are actually listening to the tracks, this is done independently of the application using the media player of your choice, it seems to simply monitors the playlist for changes whilst running and posts the data. So you will need to remember to close it when you aren't listening.

Twitter expanding my Web2.0 world and a broken Facebook application

2008-05-08T08:00:00.006+01:00

I signed up to Twitter months ago (primarily to squat on the username!) and have never used it, to be honest I have not really seen the usefulness of it, pointless short messages along the lines of "The dog has just broken wind", "I have a headache" and " Did I just hear Hall and Oates singing "Locomotion"? That can't possibly be right ... can it?" (thanks to Wil Wheaton for the last one)

But I decided to give it a go, and of course in the spirit of Web2.0 decided to install the twitter application on my new Facebook page but it bombed out with page full of compiler debug code, a little investigation and it seems I am not the only new user experiencing the problem.

AJ Vaynerchuk posted about the problem five days ago and there is a discussion thread on Facebook full of "me too" posts, but as yet no response and no fix from either party.

Interestingly it coincides with a number of articles and programs I have recently read and listened too concerning the dangers of building a product and/or business model on the top of a platform over which you have no control. If that platform changes, fails or disappears then your are in trouble. While am sure this is more likely to be sloppy coding it is an interesting portent.

Listening to this week's BBC World Service program Digital Planet it had an interview with Jonathan Zittrain who has written a book called The Future of the Internet--And How to Stop It, the synopsis on Amazon.co.uk reads

In "The Future of the Internet: And How to Stop It", Jonathan Zittrain explores the dangers the internet faces if it fails to balance ever more tightly controlled technologies with the flow of innovation that has generated so much progress in the field of technology. Zittrain argues that today's technological market is dominated by two contrasting business models: the generative and the non-generative. The generative models - the PCs, Windows and Macs of this world - allow third parties to build upon and share through them. The non-generative model is more restricted; appliances such as the XBox, iPod and TomTom might work well, but the only entity that can change the way they operate is the vendor. If we want the internet to survive we need to change. People must wake up to the risk or we could lose everything.

On the Amazon.com website it has a slightly different synopsis

This extraordinary book explains the engine that has catapulted the Internet from backwater to ubiquity—and reveals that it is sputtering precisely because of its runaway success. With the unwitting help of its users, the generative Internet is on a path to a lock down, ending its cycle of innovation—and facilitating unsettling new kinds of control.

IPods, iPhones, Xboxes, and TiVos represent the first wave of Internet-centered products that can’t be easily modified by anyone except their vendors or selected partners. These “tethered appliances” have already been used in remarkable but little-known ways: car GPS systems have been reconfigured at the demand of law enforcement to eavesdrop on the occupants at all times, and digital video recorders have been ordered to self-destruct thanks to a lawsuit against the manufacturer thousands of miles away. New Web 2.0 platforms like Google mash-ups and Facebook are rightly touted—but their applications can be similarly monitored and eliminated from a central source. As tethered appliances and applications eclipse the PC, the very nature of the Internet—its “generatively,” or innovative character—is at risk.

It is an interesting observation and prophecy

Last.fm client has not been submitting tracks for days

2008-05-07T20:17:00.007+01:00

Just had a strange problem, the last.fm client has been merrily collating all the tracks I have listened to the last few days, but they haven't been showing up on my played list, the last tracks showing were submitted 5 days ago. The client updated itself this morning as well to version 1.5.0.24910

Checking the support forums it seems I haven't been the only one suffering this problem, and this posted solution seems a little strange but I can verify it worked, the official solutions that have been posted don't.

It appears that when the client is starting up (initiated by your media player starting) it doesn't always successfully connect to the servers correctly. If you click the Help and Check For Updates it reports an error about not being able to connect. Shut down the client and restart it and immediately it updates the list of the unsubmitted tracks. If you check for updates again, it will reports if it's up to date, or that it needs to update (this means the client is actually connecting to the server).

There definitely seems to a bug somewhere, and as it wasn't submitted tracks with the previous client it suggests a fault at the last.fm end.

My broadband speed tests

2008-05-07T10:20:00.003+01:00

Following on from my post about the SamKnows.com monitoring initiative, I decided to do a check on my broadband speed, firstly I used the very pretty graphical test at speedtest.net initially it chose a recommended server in Maidenhead and I only got a pathetic 9345Kbps download, switching to an alternative in London I got the following results (17397Kbps download and 703Kbps upload).

Next I check the speed test at Broadband-expert.co.uk and got the following (19.9Mbps download and 704 Kbps upload)

So seems my 20Mbps connection is preforming well.

On the broadband-expert.co.uk website it also has accumulated results (click speed test results button at bottom of screen) for most of the UK ISPs and my ISP VirginMedia seems to come out pretty well, despite the introduction of even more extreme and complicated traffic shaping schemes.

Bid to find the truth about broadband preformance

2008-05-07T09:54:00.003+01:00

ISP watchers SamKnows.com have launched a bid to discover the truth about the state of UK broadband by recruiting volunteers to install a monitoring device on their network, to collect reams of independent performance data.

They are aiming to attract 200 volunteers who'll be sent a free tweaked Linksys router (a WRT54GL) that will measure and report download speeds for HTTP and non-HTTP traffic, latency, packet loss, DNS response, and website loading times.

It comes as there is a sharp increase in consumer anger against ISPs over blatenty misleading marketing campaigns, opaque traffic management policies and low investment in infrastructure.

I have signed up, so wait to hear.

Secunia PSI - Personal Security Inspector

2008-05-01T16:42:00.002+01:00

Secunia is a respected Danish computer security service provider, one of their primary missions is to track vulnerabilities in software and provide security tools primarily for the corporate IT market.

In addition they also provide a free tool (for personal non-corporate use) called PSI - Personal Security Inspector.

PSI acts on a dangerous problem of vulnerabilities on auxiliary and add-on software. The problem of vulnerabilities in the Microsoft Windows operating system and Microsoft Office are tackled by the much improved Microsoft Update system. However what about all the other installed software which are prone to vulnerabilities? Software like Adobe Acrobat Reader, Flash, Java VM, Media players, compression utilities, third party browsers to name but a few.

Most vulnerabilities are triggered by malformed data files distributed across the internet and unless addressed can prove a real danger to the regular user. The problem is despite a lot of these programs having update systems built in it is easy to miss important updates and critical patches can be forgotten, leaving your system exposed.

PSI using a huge database from Secunia to verify your installed software and will indicate if they are insecure and have updates available.

I liked to think I kept my software updated, but after running the tool for the first time I was told I was only 92% secure there were around 15 programs that were running old insecure versions. I few updates later and I am up to 96%, there are still some programs that updates are not available for with know vulnerabilities, and some whose update process is so confusing and convoluted that updating is next to impossible (not helped by hideously unnavigable support websites, Yes Adobe/Macromedia I am looking at you!)

In my scan there were some expected culprits for being out of date, Adobe Flash, Acrobat Reader, Quicktime and Realplayer and others I was not aware of, such as VLC, 7-Zip and WinZip. It is easy is to have vulnerable software running on your computer. If you are not using anything to keep track of software updates, try PSI, you may be surprised. PSI does a good job on detecting software that needs to be updated, so I heartily recommend it.

There is a on-line version available but the installable client is much more capable. The scanning process is a bit resource intensive, so I would suggest you run it periodically (say once a week) rather than letting it permanently run, which is it's default setting.

OpenDNS

2008-05-01T08:28:00.002+01:00

My current ISP is VirginMedia née NTL née Diamond Cable and has generally been pretty reliable, what issues I have had with connectivity and browsing have often been DNS related.

Most people have experienced this problem at some time, you type in the website address and hit enter then there is a long delay before the website appears, or doesn't appear instead you get an error message. This is quite often the result of Domain Name System (DNS) problems, DNS is the system where the websites alphanumeric name (e.g www.virginmedia.com) is converted into the IP number (212.250.162.12) , effectively it's an internet phone book.

If that system is slow or fails either due to server load, or connectivity problems it creates a delay or failure when using the internet. Also like much of the original infrastructure of the internet DNS was not originally designed with security in mind, and thus has a number of security issues have occured, such as DNS Cache poisoning which has lead to phishing attacks. Because DNS works in the background the idea behind these attacks is to feed the browser an alternative IP address we redirects it to spoof and fake website, either in an attempt to introduce malware or to harvest personal information for ID fraud from the unsuspecting user.

In an attempt to offer a solution to these growing problems or reliability, speed and security David Ulevitch created OpenDNS in July 2006.

OpenDNS offers DNS resolution for consumers and businesses as an alternative to using their internet service provider's DNS servers. The system comprises of servers in strategic locations and employing a large cache of the domain names, the result is DNS queries are usually processed much more quickly, increasing page retrieval speed.

Other features of OpenDNS include a phishing filter and typo error correction (for example, typing wikipedia.og instead of wikipedia.org). By collecting a list of malicious sites, OpenDNS blocks access to these sites when a user tries to access them through their service. OpenDNS has also launched Phishtank, where computer users around the world can submit and review suspected phishing sites. OpenDNS can also be configured to limit access to adult related sites. Details of all the features on offer can be found here.

I have switched my network to OpenDNS, full instructions and HowTos are available on the site. It was painless and simple, browsing does seem quicker but I haven't used it long enough to really comment on the speed improvements but the ability to view statistics and lots of graphs is enough to convince me!

The Real Deal Podcast

2008-04-30T23:16:00.003+01:00

While reading the webware.com news feed I saw mention of a podcast about cloud computing produced by The Real Deal for the CNet.com network.

Cloud computing seems to be the latest buzzword/technology, I heard mention of it in the BBC Digital Planet podcast only yesterday. It is fairly amusing to hear some people referring to the similarity between this 'virtual/shared technology' and the old time-sharing mainframe systems of the 1970s. Further proof that things come in cycles, be it that they are slightly metamorphosed on each iteration.

But I digress, this podcast is a fresh of breath air and I've listened to a couple of other episodes and what strikes me is the simple, layman like explanations and enlightening discussions of all these new buzzwords and technologies. The presenters are Tom Merritt and Rafe Needleman, Rafe is also the editor of webware.com which is a pretty good synopsis of all that is new in the Web2.0 world.

The Web2.0 Bloat!

2008-04-30T20:09:00.002+01:00

Back in the early days of the interweb, when people used dial up modems, bloated large websites were frowned upon and the main criteria in their design was size and therefore speed.

Computers at that time were underpowered and would often fall over when confronted with graphic heavy sites and on-line video was often the preserve of the very wealthy who could afford the CPU, graphic card, memory and time for it to load!

Unfortunately as computers became more powerful, modems got quicker, telephone calls and ISP costs got cheaper there was a natural tendency for the page sizes to creep upward as graphics and multimedia were introduced. I am sure this was sometimes aggravated by spoiled designers with powerful machines at the end of leased lines or ISDN connection. The worst case of this was the completely unnecessary obligatory Adobe Flash 'please click to enter site' page which often took minutes to load.

Now as broadband becomes more prevalent the bloat has continued fuelled by the Web2.0 explosion. This bloat is often offset by the connection speed and the power of the computer. However I have noticed that on some of my older computers ( 1GHz of less, with modest memory and Windows 2000) that some sites now cause similar problems to the bad old days, unstable browsers, constant disk thrashing as the virtual memory systems struggles to cope leading to sluggish performance and navigation. I am sure that people still on dial-up have become increasingly disadvantaged.

Now research by WebsiteOptimization.com has put a figure on the flab as modern websites feed on their diet of Web2.0 lard.

The report states that the mean size of a web page has more than trebled since 2003 from 97.3KB to more than 312KB. The mean number of objects per page has meanwhile near-doubled from 25.7 to 49.9. The authors blame external objects for the majority of delays experienced by web browsers.

Last year saw websites really pack on the data poundage with widgets, gadgets, embedded video and other mashtastic tinsel (thanks to theregister report for that particular phrase). The average page swelled by more than 60KB to 312KB by the end of December and projections put next new year's figure at 385KB.

There's plenty of evidence in the report for the views of ISPs and other industry insiders claiming that the online video boom risks breaking the internet and net neutrality. The authors of the report claim that ten per cent of YouTube videos account for 80 per cent of streaming traffic, and use it to suggest that cached content delivery networks (as being considered by the BBC for iPlayer) are becoming an increasingly appealing proposition to improve performance.

Another interesting fact is that the increase in mean length of web video means more users are experiencing frustrations with re-buffering. According to the report, 87 % of web video streaming sessions are abandoned in the first ten seconds, but how much is due to that, or the fact that 87% of on-line video isn't worth watching?

Talking of the old days, I fondly remember getting a 14.4 modem running on Windows for Workgroups 3.11, which involved installing a third party WinSock (a TCP/IP protocol stack) Trumpet Winsock in my case!

When one blog isn't enough!

2008-04-28T13:45:00.001+01:00

I registered a Livejournal account a long time ago, but never used it and then blogger came along and was much more user friendly. But I reactivated it and have found a way of merging my other blogs in to it! More later, once I've discovered how the Facebook application BlogIT works!

Doing my duty - Malicious activity detection

2008-04-26T23:03:00.004+01:00

For several years I have been using a Linksys WRT54G V1.1 wireless router with the official firmware attached to my cable modem. It has a built in firewall but lacked any proper network intrusion detection system it did have a rudimentary log which could be accessed via the web-page interface but that was pretty much useless when trying to look for malicious activity such as denial of service attacks, port scans and attempts to crack into the network via vulnerabilities.

It always worried me as to what attempts were being made to get past the firewall on to my network. Some of my network PCs have software firewalls as a backup and alerts have been almost non-existent but it still nagged away. Last year I toyed with taking an old PC and creating a Smoothwall firewall, because of the logging and ability to install Snort but I really could justify the space and expensive of having another PC on 24/7.

As I posted yesterday I finally got the nerve up to install one of the numerous third party replacement firmwares for the router. Plumping for the Tomato variety!

One of the first things I noticed was the improved logging, which can be sent to an external PC running a monitoring/analysis program. In the wikibooks page it mentioned the WallWatcher software for Windows so I downloaded and installed it, configured the router and lo and behold I was getting information about all those Chinese TCP/IP packets bombarding my router!

I have now signed up and have installed the necessary client software to upload the logs to the SANS Institute Internet Storm Centre DShield system and myNetWatchman systems. These organisations use volunteers who submit their data to help detect problems and analyse threats, creating technical information and alerts to the general public.

The system works by having a network of hundreds or thousands of people from all over the world submitting information from their firewalls and intrusion detection systems about unwanted traffic arriving from the Internet. This data feeds the appropriate database where analysis is made looking for abnormal trends and behaviour. In the case of DShield the resulting analysis is posted to the ISC's main web page where it can be automatically retrieved by simple scripts or can be viewed in near real time by any Internet user.

I really feel like I am doing something good, and of course it is fairly geeky! These are the 'attacked' ports from today!

Tomato Firmware installed on my WRT54G

2008-04-24T14:55:00.004+01:00

Well I took the plunge and just installed it - will report as I discover any benefits/bugs.

I am hoping it will improve the reliability of my wireless connection to my XBox/XBMC setup, it's been a bit flaky lately.

Speeding up the NSLU2

2008-04-24T09:59:00.003+01:00

In my home network I have a small NAS (Network Attached Storage) solution consisting of a Linksys NSLU2 (Network Storage Link for USB 2.0 Disk Drives) and a number of attached external USB hard disks.

The NSLU2 or "SLUG" as it is often called runs Linux, as per the terms of the GNU General Public License Linksys were required to release their source code. Due to the availability of this code and the relatively low cost of the device, there are several community projects centered around it. Including a number of replacement firmware images available for the device. I have been tempted to use Unslung which is based on the official Linksys firmware with some improvements and features added, but have been wary about bricking it.

Despite it running the official firmware it has proved a reliable device and the attached drives are full of my music and video collection. However it has never been the speediest device, sometimes being sluggish(sic) to transfer across the network and the web-interface sometimes being painful slow to respond.

The device has two USB 2.0 ports for connecting hard disks and uses an ARM-compatible Intel XScale IXP420 CPU. The device includes 32 MB of SDRAM, and 8 MB of Flash memory. It also has a 100 megabit Ethernet network connection.

I have discovered that models manufactured prior to around April 2006, Linksys had, for an unknown reason, under-clocked the processor to 133MHz, though a simple hardware modification to remove this restriction is possible. Later models (circa. May 2006) are clocked at the rated speed of 266MHz.

Today I took the plunge and opened up the unit and removed the appropriate resistor. Full details on this page.

I can confirm that the device is indeed much speedier and responsive. Maybe I might just get around to trying out Unslung and installing Tomato firmware on my WRT54G.

BBC News - They broke my favourite website

2008-04-08T08:23:00.001+01:00

"Change for change sake", "If it ain't broke, then don't fix it" are all comments I've read about the new look BBC News website. The site adopted a new look at the start of the month and at first sight I hated it, and so did many others judging by the comments on the BBC Editors Blog. The old site design, which won awards and almost universal praise was a clean compact design and reminded me of reading a newspaper column. The new design was all spaced out had now had more white space than text and I found it difficult and almost unreadable.

To their credit and responding to comments the BBC have made minor tweaks to improve the look and feel. However one gripe I still have is many pages seem to render incorrectly in Firefox.

This is an example of a 'broken' page - it looks fine in Microsoft Internet Explorer

However in Firefox, odd things happen to the font sizes and alignment of text and pictures

While it may be something unique to my machine and/or is probably a simple fix I have seen it quite often on numerous pages.

One of the strengths of the old design was it seemed no matter what platform or browser you used (with the possible exception of lynx) it's compact size and simple design meant it always looked the same.

Apple Updater Acts Like Trojan

2008-03-22T15:26:00.003Z

I don't have an iPod and will never ever use iTunes, so much so I will resist installing it with my dying breath. I used an earlier version on a previous PC and it was a pile of "donkey's queer things" completely renaming my existing audio library and hogged resources.

I use Quicktime, but only because people will insist on using the proprietary mov format for videos, the Quicktime player is another bloated, slow and resource hungry program. So while Apple Mac advocates sing the praises of their machines and the software they run on them my experiences of Apple software on Windows has been disappointing.

For a long time the Apple website has dubiously implied that the installation of Quicktime required iTunes, the standalone Quicktime player being hidden away on the website. In addition, following a recent update to Quicktime (due to yet another security vunerability) my machine had become infected with the Apple Software Updater. I say infected because despite only having Quicktime installed it has for many weeks telling me to update iTunes and helpfully filling in the tickbox so should I not have be paying attention and select update I would have installed it.

This morning the updater had an additional item (and filled in tickbox) Safari, Apple's new web browser! Surely this amounts to spam and trojan activity by attempting to install software on a persons machine without their knowledge?

What is even worse is the marketing blurb you see in the updater

“Safari for Windows is the fastest and easiest-to-use web browser for the PC. It displays web pages faster than any other browser and is filled with innovative features — all delivered in an efficient and elegant user interface.”

But what it fails to mention are the ongoing worries about security risks on Safari, especially for people using Window operating systems.

Automatic software updaters are becoming the norm, with Windows and Firefox two prime examples, But the big difference here is that they only offer updates to what is already installed, rather than spamming users with unwanted software downloads. Of course advocates will claim Apple isn’t making you download anything, you can always say no, but how many people new to iTunes will blindly click ‘Install’, thinking it’s part of the essential program?

It seems to have inflamed a lot of people with blogs full of outrage. Mozilla's CEO John Lily has hit out at Apple's decision.

Interrupts hogging CPU use caused by UDMA drives reverting to PIO mode.

2008-03-22T05:01:00.006Z

I have experienced some on going problems with my Dell PC running XP being slow and unresponsive, as well as the hard disk problems [1][2][3].

Running the SysInternals utility Process Explorer I have noticed that it was indicating that "interrupts" were taking the majority of CPU load, and it seemed related to disk activity, when copying large files to and from USB drives for example. I did a quick google and discovered this post which identified the problem, which is related to way XP handles the DMA mode on ATA/ATAPI devices (article here and discussion here).

For repeated DMA errors. Windows XP will turn off DMA mode for a device after encountering certain errors during data transfer operations. If more that six DMA transfer timeouts occur, Windows will turn off DMA and use only PIO mode on that device.
In this case, the user cannot turn on DMA for this device. The only option for the user who wants to enable DMA mode is to uninstall and reinstall the device.
Windows XP downgrades the Ultra DMA transfer mode after receiving more than six CRC errors. Whenever possible, the operating system will step down one UDMA mode at a time (from UDMA mode 4 to UDMA mode 3, and so on).

Sure enough checking my machine the drives were switched to PIO mode.

To access this information use Settings->Control Panel->System->Hardware->Device Manager and then expanding the IDE ATA/ATAPI controllers

Double click them and under advanced settings you will see the transfer mode selected

If the current transfer mode is set as PIO rather then UDMA then the best thing to do is uninstall the driver and let XP reboot, this reinstalls the driver and resets the transfer mode. This works for SATA drives as well as they are still IDE drives.

I can't recommend the SysInternals Process Explorer utility enough and is a worthwhile replacement for Task Manager. The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Microsoft acquired Sysinternals in July, 2006. The site is full of useful utilities to help manage, troubleshoot and diagnose Windows systems and applications.

To quote David Coverdale "Here I Go Again!"

2008-03-16T06:50:00.006Z

Click the picture for some classic 1980s rock ballad and insane hairstyles!

Back in January before I split my online ramblings into two distinct blogs I posted about some problems with my main Dell Windows XP box and it's recurrent BSOD problem.

Well last Thursday I found my computer hung up again and after being forced to power it down and rebooting found it extremely sluggish and within a few minutes the familiar "Stop 0x000000F4 BSOD" appeared. Checking the event viewer it was apparent that yet again bad blocks on the hard drive were the problem so I had to run a "chkdsk /r" which this time took the best part of 24 hours!

While it was doing that I decided I would have another look at getting a desktop Linux box running. I was tempted by openSUSE but opted for Fedora8, I have had good experiences with both distributions in the past as opposed to my awful experiences with Ubuntu, I think it may be the hideous brown colour scheme!

My target hardware came courtesy of my neighbour who was disposing of some old pcs. On investigation this old Packard Bell came with a MSI K7TM Pro (MS-6340) motherboard an AMD Athlon 800MHz, 256MB of RAM and NVidia Vanta TNT2 video card and on board sound and a DVD-CD/RW combo drive. I installed a spare 80GB harddrive, boosted the memory to 640MB and stuck in a network card. I upgraded the BIOS (which made a remarkable difference to the options available) and stuck in the Fedora8 Install DVD and off it went.

You can see the Fedora8 running on the left while the XP box on the right struggles to correct itself!

I have been pleasantly surprised how reasonably it runs on relative underpowered hardware and more surprised how much easier I found it to get things running. In the past I have always hardware incompatibility problems, often in the install failing completely, or software problems. So all I have ever done is get a rudimentary server running, mainly so I could use it as a SSH proxy to bypass my previous companies web block and logging! That is not to say I did encounter a few minor problems but they were easily corrected and I will post some of the solutions later.

The machine called "INSANE" is fully integrated into the Windows network, prints and scans using my HP 3210 All-in-one printer/scanner. It plays videos, mp3s and I even compiled the last.fm client!

Can data overload protects privacy?

2008-03-12T07:52:00.003Z

Privacy advocates are probably foaming at the mouth with the shocking revelation that in June 2006 all conversations on the MSN instant messaging system were being collected and passed to researchers Eric Horvitz and Jure Leskovec at Microsoft Research.

They claim they weren't interested in the content of the messages but were simply investigating the behaviour of a 'planetary scale system'.

There is nothing earth shattering about the results, they show people are more likely to chat with others in the same geographical location, age group and of the same sex. But as us pointed out by the arXiv blogger the most interesting aspect of the research is the fact the researchers struggled to cope with the size of their dataset.

"The dataset consisted of 30 billion conversations generated by 240 million distinct users over one month. We found that approximately 90 million distinct Messenger accounts were accessed each day and that these users produced about 1 billion conversations, with approximately 7 billion exchanged messages per day."

"The sheer size of the data limits the kinds of analyses one can perform,"

"Each day yielded about 150 gigabytes of compressed text logs (4.5 terabytes in total). Copying the data to a dedicated eight-processor server with 32 gigabytes of memory took 12 hours. Our log-parsing system employed a pipeline of four threads that parse the data in parallel, collapse the session join/leave events into sets of conversations, and save the data in a compact compressed binary format. This process compressed the data down to 45 gigabytes per day. Processing the data took an additional 4 to 5 hours per day."

For years now various security services around the world have made moves to assemble databases of online communication. They want to watch over phone calls, social networking sites and emails. But extracting useful information, not just generalities like the study mentioned, is going to require massive amounts of storage and processing power.

But to quote the arXiv blogger

So will data overload always protect us from Big Brother’s prying eyes? Perhaps in some circumstances like these but otherwise I wouldn’t count on it. It’s straightforward to sample big datasets like this (although that can introduce problems of its own).

I wouldn’t mind betting that with a little more effort, it would be possible to identify individuals from their travel and chatting patterns, perhaps by correlating the data with local telephone and business directories much in the same way this has been done with search data. However, it looks as if Horvitz and Leskovec have steered carefully around this issue.

Of course, Microsoft doesn’t need to do this since it can store a much fuller set of data anyway including the full text of the conversations and whatever data it has on the identity of the owners.

And you can be sure that more shadowy organisations with access to much greater computing resources will also have this full data set and be happily chewing through it as you read this.

Warning on Firewire Insecurity

2008-03-05T10:50:00.003Z

It is already being wildly reported elsewhere but Firewire (IEEE1394) ports on computers are a potential security risk.

The insecurity has been known about for many years, but with the recent publicity about the Disk Encryption ram hack Adam Boileau has decided to release his tool, which he claims to have sat on for two years waiting for a response from Microsoft.

The insecurity is because the specification of the protocol allows devices on a FireWire bus to communicate by direct memory access (DMA), where a device can use hardware to map internal memory to FireWire's "Physical Memory Space". The SBP-2 (Serial Bus Protocol 2) used by FireWire disk drives uses this capability to minimize interrupts and buffer copies. In SBP-2, the initiator (controlling device) sends a request by remotely writing a command into a specified area of the target's FireWire address space. This command usually includes buffer addresses in the initiator's FireWire "Physical Address Space", which the target is supposed to use for moving I/O data to and from the initiator.

On many implementations, particularly those like PCs and Macs using the popular OHCI, the mapping between the FireWire "Physical Memory Space" and device physical memory is done in hardware, without operating system intervention. While this enables high-speed and low-latency communication between data sources and sinks without unnecessary copying (such as between a video camera and a software video recording application, or between a disk drive and the application buffers), this can also be a security risk if untrustworthy devices are attached to the bus.

Adam Boileau released a Linux Firewire utility that will give you immediate Administrator to an XP machine:

It's two years later, and I think anyone who was going to get the message about Firewire has already got it, and anyone who was going to be upset about it has got over it. Besides, according to Microsoft's definition, it never was a Security Vulnerability anyway - screensavers and login prompts are - as Bruce says - about the Feeling of Security. Anyway, today's release day for Winlockpwn, the tool I demoed at Ruxcon for bypassing windows auth, or popping an admin shell at the login window....
Yes, you can read and write main memory over firewire on windows.
Yes, this means you can completely own any box who's firewire port you can plug into in seconds.
Yes, it requires physical access. People with physical access win in lots of ways. Sure, this is fast and easy, but it's just one of many.
Yes, it's a FEATURE, not a bug. It's the Fire in Firewire. Yes, I know this, Microsoft know this. The OHCI-1394 specification knows this. People with firewire ports generally don't.

Adam's tools include a few Python apps that can copy and impersonate Firewire device signatures, dump RAM on a remote machine, bypass Windows authentication, and extract BIOS passwords. It's not exactly comforting, but I've got a new appreciation for Firewire now. This is the sort of access that used to only be possible by creating hardware that physically connects to the PCI bus. Now all you need is a cable and a laptop.

Watch YouTube in higher resolutions

2008-03-04T09:19:00.002Z

YouTube have apparently been testing higher bitrate encodings of it videos. You can see them if you add a &fmt=8 or &fmt=16 to the video url. Historically, all videos have been delivered to the lowest common denominator, apparently sorenson encoded 320x240. By adding &fmt=6 to the URL, the video is served up in 448x336 resolution and &fmt=18 gives you the iPhone-style MP4 stream.

What videos will actually look better in the higher resolution format is completely dependent on the material that was uploaded to YouTube. Videos uploaded that were already heavily compressed or pre-scaled to 320x240 won't look much different.

Last.fm launches developer gallery

2008-02-29T07:31:00.002Z

Last.fm have launched a new website promoting the various third-party add-ons, widgets and applications created using their API.

It has made me seriously think about creating an add-on for my Twonkyvision UPnP server which I use to listen to music on my Netgear MP101.

I have discovered that the newer versions of the server creates a RSS/XML file showing the last played tracks. It is apparently buggy as it seems to only update the last entry, but it a way into getting the data required to create the application.

Does this mean I have my first project? Keep watching!

Chip and Pin Vulnerabilities

2008-02-28T08:20:00.004Z

BBC Newsnight last night had a report on the vulnerability of Chip and Pin to fraud. The video segment is currently available on Google Video.

A number of academics at the University of Cambridge have published a report online describing the weaknesses. Steven Murdoch and Saar Drimer, have found a number of ways that the criminally-minded could modify PED devices and extract your account number and PIN and all the details needed to create a cloned card. The full pdf is available here

The vulnerabilities they describe have actually been known for a while, and the responses from the various banking authorities and card companies acknowledge this. The attacks are possible because the UK banking industry chose to deploy Chip & PIN cards with the smart chips in a mode that does not encrypt the data exchanged between the card and the PED during a transaction. By tapping these communications, fraudsters can obtain the PIN and create a magnetic strip version of the card to make ATM withdrawals in the UK and abroad.

Newsnight presenter Jeremy Paxman was on top form literally taking apart the APACS Director of Communications Sandra Quinn as she arrogantly and naively claimed the system was completely safe while at the same time accepting the frauds were possible.

Cold Boot attacks on disk encryption

2008-02-21T19:55:00.003Z

The Centre for Information Technology Policy at Princeton University has released research which shows a potential way of breaking encryption systems by reading DRAM contents even after power has been removed.

The Abstract reads

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.

Their website contains a video demonstration of the technique as well as a link to the full research document (pdf)

Obviously this isn't limited just to breaking disk encryptions as all manner of information could be held in RAM at any one time. DRAM is composed of capacitors that need to keep being refreshed dynamically while being used it is this capacitance that is being exploited in this hack.

From the Freedom To Tinker Blog

Microsoft to allow homebrew games on XBox Live

2008-02-20T22:11:00.003Z

With its Gaming Developers Conference 2008 opening keynote, Microsoft has unveiled a service called Xbox Live Community Games.

The service will allow XNA developers to upload their creations to be played by any of the 10 million Xbox Live members, without the previous need for a Creators Club subscription or PC link, in effect creating a 'homebrew' and independent game development and delivery system.

Just over 18 months ago, Microsoft took the bold step of allowing bedroom coders to develop games for the Xbox with it's free XNA development system.

A more detailed outline of their plans can be found on the Develop Magazine's news.