Weblogs for simonw

Posted by simonw on Sat 10 May 2008 at 16:22
Tags: none.

My camera arrived. Thanks to DCGLUG members for their advice.

If the GNOME photo import tool doesn't work, it may mean you haven't got gthumb installed. It doesn't work well like that ;)

Now all I need are some willing models, and somewhere better than flickr to share the results.

Candlestick

 

Posted by simonw on Fri 9 May 2008 at 13:51
Tags: none.
Seems that folk tracking the SQL injection worm are counting the occurrences of "winzipices.cn" on the net by typing it into Google and assuming the first number back reflects the number of infected web pages.

Google don't always return every page in a search, so whilst such a method probably produces a good indication of whether such a worm is widespread, or still spreading, as a guide to the absolute number of compromised pages it is fairly hopeless.

Contrast Google searches for:

"winzipices.cn" (about 12,200) against "winzipices.cn site:com" (about 17,400)

Either way you probably don't want to visit any of the resulting pages.

Anyone know a way to get Google to give us its best guess? Google will of course always be an underestimate.

 

Posted by simonw on Fri 9 May 2008 at 12:35
Tags: none.
Line: 2
Char: 1
Invalid Character
code: 0

The problem: a web page doesn't load correctly in IE7.

The error is some variation on the above.

Microsoft support note this as occurring with some ActiveX controls (nope)

Some people note Add-ins can cause this (disable them all and restart browser, nope).

The error (also sometimes "line: 1") seems to reflect that a permissions problem of some sort occurred.

In this case removing the cookie from the site fixed the problem, but we have no reason to believe there is a problem with the web page or cookie handling, other than that IE7 sometimes messes up.

Indeed most of the remaining issues with the site in question seem to be that IE sometimes messes up; fortunately a workaround exists ;)

 

Posted by simonw on Fri 9 May 2008 at 11:04
Tags: none.
On one of our Etch boxes writing to a Windows 2000 server.

Explanation, work around, and fix all here....

http://www.nabble.com/Corrupted-data-on-write-to-Windows-2003-Server-to7763783.html

That'll teach me for believing folks who said "CIFS is better", and "I'm a luddite for using smbfs" etc.

 

Posted by simonw on Thu 8 May 2008 at 21:19
Tags: none.
Don't upgrade to this version; the module seems to segfault on starting Apache.

 

Posted by simonw on Tue 6 May 2008 at 15:11
Tags: none.
The switch for disabling these for PHP scripts is not "mysql.cnf" as some non-Debian hints suggest but "/etc/php5/apache2/php.ini" on Debian (adjust for PHP and Apache versions as applicable).

You might consider this if you seem to accumulate a lot of lurking MySQL processes from web applications that use the pconnect call in PHP, and you thus hit problems with too many connections.

mysql.allow_persistent=Off

Similar settings can be set for various other databases (Postgres, ODBC etc).

Persistent connections allow a resource optimisation, but allowing them permits users to more easily hit the resource constraint "Too many connections in ...", depending on programmer skill.

Unless the same database connections are heavily used, disabling it makes the system administrator's life easier (and in our case things run faster, probably as so many fewer tasks have to be scheduled!). So assume your PHP programmers are brain dead, and disable it till you learn otherwise, and life may be better.

In this instance I am probably the brain dead PHP programmer, although there are a lot of clueless PHP programmers so it might not have been me, and this was in generated code anyway so I probably clicked the wrong button in a point and drool tool somewhere.

This is a note for self. If I understood all this - I wouldn't have hit this problem.

 

Posted by simonw on Tue 29 Apr 2008 at 16:51
Passed me by until now, but bookmarks can contain executable JavaScript, a horrid idea called bookmarklets.

IE6 and IE7 have the good sense to warn users about such bookmarks, whereas Firefox (and Iceweasel) is happy to allow them without comment.

It isn't clear to this simpleton how wide the scope of the security gap here is, as the bug reports just note that a proper security context isn't created. At the very least you can read information from the current page and send it to a third party when the bookmark is used, because the boss just created one that does exactly that for perfectly legitimate purposes.

I'll create my bookmarks more carefully in future.

Vote here for a warning...
https://bugzilla.mozilla.org/show_bug.cgi?id=371923

More information on this security "feature"...
https://bugzilla.mozilla.org/show_bug.cgi?id=371179
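
One way to review existing bookmarks for this, as an added example that is not part of the original post: a small audit of a Firefox bookmarks HTML export that lists every `javascript:` bookmark and notes whether its script appears to read the current page or send data elsewhere. The marker lists and the sample export (including the `share.example` host) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote

# Heuristic markers (assumed, not exhaustive), matched against lowercased script.
READS = ("document.", "location", "window.getselection")
SENDS = ("xmlhttprequest", "new image", ".src", "window.open", ".submit(")


class BookmarkAudit(HTMLParser):
    """Collects bookmarks whose HREF uses the javascript: scheme."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        # Leading whitespace and scheme case do not stop the script running.
        href = (dict(attrs).get("href") or "").strip()
        if href.lower().startswith("javascript:"):
            body = unquote(href[len("javascript:"):]).lower()
            self._current = {
                "title": "",
                "reads_page": any(m in body for m in READS),
                "sends_data": any(m in body for m in SENDS),
            }

    def handle_data(self, data):
        if self._current is not None:
            self._current["title"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self._current["title"] = self._current["title"].strip()
            self.findings.append(self._current)
            self._current = None


def audit_bookmarks(html_text):
    parser = BookmarkAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings


# Constructed sample in the Netscape bookmark-file layout.
SAMPLE_EXPORT = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
<DT><A HREF="https://bugzilla.mozilla.org/show_bug.cgi?id=371923">Bug 371923</A>
<DT><A HREF="javascript:void(window.open('https://share.example/add?u='+encodeURIComponent(location.href)))">Share page</A>
<DT><A HREF=" JavaScript:alert(1)">Hello</A>
</DL><p>
"""
```

A bookmark flagged with both `reads_page` and `sends_data` is the kind described above: it passes something from the current page to another site when clicked.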

 

Posted by simonw on Fri 25 Apr 2008 at 13:01
Tags: none.
When you do a ping on recent versions of Debian you get a summary:

2 packets transmitted, 2 received, 0% packet loss, time 1015ms
rtt min/avg/max/mdev = 0.131/0.133/0.136/0.011 ms

I thought I'd check what "mdev" meant. After much searching, and eventually reading the source code (ping_common.c), I got the answer.

In the iputils implementation of ping "mdev" is the standard deviation of the round trip time.

Wikipedia has been corrected. I filed a bug report asking that the documentation and/or code be amended to make it more obvious.

It doesn't matter for most purposes which "deviation" is measured, as you'll usually just be interested in the relative, rather than absolute value of the number (assuming it is a good measure of deviation or variance), although if you were doing statistical checks on a network to establish if changes were significant or not it might be important to know.

I'm guessing the name "mdev" is a result of a translation issue. Some suggested it might be "mean deviation". However, standard deviation can be calculated easily on a running basis, but I can't see how "mean deviation" could be calculated on such a basis (statisticians please tell me), so a ping that calculated "mean deviation" would have to store all the round trip times. Although I dare say it is possible to approximate the "mean deviation" in less resource intensive ways.

MacOS labels this "stddev"; maybe here it does have a superior user interface.
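
Added example (not the iputils source, and not from the original post): a running calculation that keeps only the count, the sum and the sum of squares of the round trip times. It assumes integer microseconds with truncating division; under that assumption the two RTTs implied by the summary above (131 and 136 microseconds) give exactly the 0.133 and 0.011 shown. The mean absolute deviation function is included for comparison and needs the stored samples.

```python
import math


class RunningRtt:
    """Running RTT statistics from three counters; no samples are stored."""

    def __init__(self):
        self.n = 0          # replies received
        self.tsum = 0       # sum of RTTs in microseconds
        self.tsum2 = 0      # sum of squared RTTs
        self.tmin = self.tmax = None

    def add(self, rtt_us):
        self.n += 1
        self.tsum += rtt_us
        self.tsum2 += rtt_us * rtt_us
        self.tmin = rtt_us if self.tmin is None else min(self.tmin, rtt_us)
        self.tmax = rtt_us if self.tmax is None else max(self.tmax, rtt_us)

    def summary_us(self):
        """(min, avg, max, mdev) using truncating integer maths (assumed)."""
        avg = self.tsum // self.n
        mean_sq = self.tsum2 // self.n
        return self.tmin, avg, self.tmax, math.isqrt(max(mean_sq - avg * avg, 0))

    def stddev_us(self):
        """Population standard deviation from the same counters, as a float."""
        avg = self.tsum / self.n
        return math.sqrt(max(self.tsum2 / self.n - avg * avg, 0.0))


def mean_abs_deviation_us(samples):
    """Mean absolute deviation: needs the final mean, so samples are stored."""
    avg = sum(samples) / len(samples)
    return sum(abs(s - avg) for s in samples) / len(samples)


def feed(samples):
    stats = RunningRtt()
    for s in samples:
        stats.add(s)
    return stats


def format_ms(values_us):
    """Render microsecond integers as milliseconds with three decimals."""
    return "/".join(f"{v // 1000}.{v % 1000:03d}" for v in values_us)


PAGE_RTTS_US = [131, 136]               # implied by min/max of the 2-packet summary
SKEWED_RTTS_US = [100, 100, 100, 200]   # constructed: one slow reply

if __name__ == "__main__":
    print("rtt min/avg/max/mdev =", format_ms(feed(PAGE_RTTS_US).summary_us()), "ms")
```

With the skewed sample the two measures separate: the standard deviation is about 43.3 microseconds and the mean absolute deviation is 37.5.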

 

Posted by simonw on Tue 22 Apr 2008 at 05:25
Tags: none.
The UK news is abuzz with the news that arrests for child abuse in the UK using the Internet are up.

Behind this is CEOP, part of the Serious and Organized Crime Agency.

That the numbers are up is hardly surprising, as the agency is relatively new.

Behind the headline figure, it cost just under 9 million pounds to disrupt the activities of 55 sex offenders, and initiate(!) investigations into the identity of 36 abused children.

Now clearly any abuse of children is unacceptable, but one wonders how effective this spending is compared to other forms of policing and social care in improving children's lives. It would be harsh to judge CEOP on these raw numbers of ~200,000 GBP per sex offender disrupted, as they have done substantial amounts of training of other professionals. But I just wanted to highlight that one shouldn't let the media highlight one aspect of a news story, without critical examination of other aspects. Someone might be trying to spin a story to, say, save their department from being axed for being inefficient, for example.

 

Posted by simonw on Tue 22 Apr 2008 at 03:42
Tags: none.
Kind of my dream place, a world of Nougat.

Wikipedia seems to believe that Nougat traditionally doesn't have peanuts in it, but in the UK almost all retail Nougat contains peanuts. I can't eat peanuts.

Now all I need to do is learn French.

http://www.nougat-chabert-guillot.com/index.php

 
