Concerned Neighbors

“You dirty slut!” came the shout from outside. It was so loud in fact that I thought it had come from my own garden so I popped open the skylight to have a look and see what was going on. I looked down and I saw a girl walking down the street on her mobile phone, clearly having an argument with her boyfriend, but I think it’s good for him that they weren’t in the same room – I’ve never heard a voice so loud!

Now that I could hear the true volume of the outburst, given that the pane of double glazing had been removed, I was rather glad I was 3 floors above street level! As I was contemplating closing the window and having a little chuckle about it all in private I heard the skylight on the roof of the next door house click open and saw a head pop out. As we noticed each other there was a brief moment of surprise and then we just started laughing; it’s amazing how nosy something out of the ordinary makes you and yet you only realise you’re being nosy when someone catches you at it. What was so funny in this case though is that we both had exactly the same idea – she’d thought the noise was in her garden also, and there was no way of hiding our nosy intentions.

Trolling on news

For the sake of the sanity of the rest of those who study or work in the School of Computing please stop trolling on the newsgroups. It’s annoying, wastes time and doesn’t help anyone, least of all yourself. That is all.

Project plan

The first iteration of our group software development project is over which means we had to submit a project plan for the rest of it. Things look very promising; the timing works out almost perfectly as we have two weeks leeway at the end in case there are any overruns and we need to adjust things and we have allocated slightly over the amount of time we think things will take to each task and we are still under the overall number of man hours we are supposed to take for the project.

I guess it could be said that this all looks far too neat and that there are bound to be complications when we start coding in earnest, but I guess we will just have to wait and see on that one. What is a shame is how much other coursework we have on top of the project, but that’s life I guess – full steam ahead!

Disco in DEC-10

You would have thought that hard core dance music would be confined to a nightclub, or perhaps your own front room at a push if you were throwing your own party and the guests were that way inclined. You would be wrong however as in the DEC-10 computer lab the other night while I was trying to concentrate on coursework someone over on the Windows machines (a coincidence perhaps?) decided it would be a great idea to play a dance music radio station as loud as the tinny little internal speaker of the machine he was seated at would go.

This is both inconsiderate and darn right annoying to boot. If you want to listen to music in the computer labs there are headphone sockets on the front of all the machines, it’s not like a small, portable set of headphones isn’t cheap either. Seriously, do people have no thoughts for those who prefer silence or the sound of their own music in their headphones to work to? *sigh*

eBay link security risks

All attempts to contact eBay about this issue/vulnerability through publicised channels proved to be in vain as I got no decent response or action on any of them, so I’m publicising it here in the hope someone who can actually get hold of eBay will let them know. I’m not going to give precise details of the exploit so that anyone could do it, but I’m going to provide enough details so that the risk is made clear to anyone with half a brain (which, judging by the responses I got from eBay staff, they don’t have).

We’ve all heard of spoof e-mails with a link to a fake site that looks like eBay in an attempt to grab people’s eBay logins, but imagine if it was possible to send a link out to people in an e-mail or eBay message that did exactly the same but where the link actually was based at the domain. You’ve guessed it, it is in fact possible to do just that.

In various places around the eBay website there are redirects in place, that is to say some code behind the scenes checks to see if a number of things are true before allowing a user to visit a particular page or group of pages and if they are not, redirect a user to another page on eBay first. A truly secure site would ensure that the URL to redirect to was one from inside the eBay domain, but it doesn’t. In fact it allows you to place any link there at all.
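The check described above, sketched as an added example that is not part of the original post and not eBay's code: a redirect handler that accepts only same-site paths or hosts on an allow-list and otherwise falls back to a fixed page. The host names (`shop.example`), the fallback path and the function name are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list for the illustration; a real site would list its own hosts.
ALLOWED_HOSTS = {"shop.example", "www.shop.example"}
FALLBACK = "/"


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return target if it stays on an allowed host, otherwise the fallback."""
    if not target or target != target.strip():
        return fallback
    # Browsers treat "\" like "/" and drop tabs/newlines inside URLs, so
    # values such as "/\other.example" can leave the site. Refuse them.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return fallback
    try:
        parts = urlsplit(target)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path with a single leading slash
        # ("//host/..." is scheme-relative and points at another host).
        if target.startswith("/") and not target.startswith("//"):
            return target
        return fallback
    if parts.scheme not in ("http", "https"):
        return fallback
    # .hostname drops any "user@" prefix and the port, and is lower-cased,
    # so "https://www.shop.example@other.example/" resolves to other.example.
    host = (parts.hostname or "").rstrip(".")
    return target if host in allowed_hosts else fallback


if __name__ == "__main__":
    # Constructed sample values, not taken from any real site.
    for sample in ("/myaccount?tab=1",
                   "https://www.shop.example/item/42",
                   "https://other.example/login",
                   "//other.example/login",
                   "https://www.shop.example.other.example/",
                   "https://www.shop.example@other.example/"):
        print(f"{sample!r:50} -> {safe_redirect_target(sample)!r}")
```

Comparing the parsed host exactly, rather than checking how the URL string starts, is what stops look-alike prefixes from passing.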

What this means is that if a suitable redirect is chosen and a spoof website link is placed in as a part of it, you can send people links in the eBay message system that look to be to a location on the eBay site because of how the URLs start. If the message implies a user may have to sign-in again, the user may not even think it’s suspicious that the login screen comes up, indeed even if the message didn’t say you would need to login, you need to do it so frequently on the site anyway they would probably still get away with it.

Now while this doesn’t mean every person would fall for it, it certainly makes it more likely you would, especially if you were in a hurry. So what can we do about it? All of you reading this, send a message to eBay. At the very least it will increase their mail volumes which will make me feel better considering how they ignored me, and at best they will finally see that something is wrong. Failing that, just don’t fall victim to this one yourselves! If you see a login screen on eBay check the URL every single time to make sure it’s legit, even if the link you just clicked on was legit!

For those wondering if I fell for this, no, I didn’t, in fact I don’t believe it’s being properly exploited yet. I discovered this by someone sending me a legitimate link where they had mistyped the redirect part of the URL and I noticed the potential for damage when I clicked on the malformed link and ended up outside of eBay.

Golden Heart

From time to time I hear a song that I like so much that not only do I mention it here but I blog the lyrics. The other week I was round at Heather’s and we were listening to some of her music collection and she played me the title track from Mark Knopfler’s album Golden Heart. The music and lyrics combined are simply beautiful, and every time I’ve listened to it since it reminds me of the night I first heard it and puts a smile on my face.

She was swinging by the bangles in a main street store
A while before we met
The most dangerous angels that you ever saw
She spied her amulet

And she took a loop of leather for around her neck
And that was then the start
The most dangerous lady on her quarter deck
She found her Golden Heart
You found your Golden Heart

Then we swirled around each other and the thread was spun
to some Arcadian band
I would stop it from swinging like a pendulum
Just to hold time in my hand

And you shot me with a cannonball of history
And long forgotten art
I’d be turning it over as our words ran free
I’d hold your Golden Heart
I’d hold your Golden Heart

Nothing in the world prepared me for you, your heart, your heart
Nothing in the world that I love more your heart, your heart
Your Golden Heart

And every time I’m thinking of you from a distant shore
And all the time I sleep
I will have a reminder that my baby wore
A part of you to keep

And I’ll send you all my promises across the sea
And while we are apart
I will carry the wonder that you gave to me
I’ll wear your Golden Heart
I’ll wear your Golden Heart

Nothing in the world prepared me for you, your heart, your heart
Nothing in the world that I love more your heart, your heart
Your Golden Heart

Facebook invites

A bit of a rant, but it has to be said. Please will everyone consider who they are inviting when they create a group or event and if they would really be interested in joining or going, or more to the point able to join or go. For instance, why invite me to an event that’s in another part of the country to me when my calendar clearly states I’m in Leeds? Also groups; look at your friends’ current groups and their profile and decide if your group fits their tastes. Inviting a non-religious person to a religious group isn’t a good idea really is it.

The real reason for my gripe is the amount of time it takes me to clear things I’m not interested in. Every day I get invites for events and groups, perhaps 10 or more a day, that I have to then select cancel or not attending to. If thought had been put into the invitations, perhaps I might only have 2 or 3 – much more manageable. I know it doesn’t sound like it takes much time, but it’s a pain and one that could be avoided. If you don’t think your friend might be truly interested or almost definitely around to make the decision to attend then don’t click the invite button. Please?

New washing machine

Doesn’t sound very blog worthy I know but we got a new washer/dryer installed yesterday because our old one was decidedly broken. In fact it had been in this semi-functional state for some time and we had taken to kicking it or emitting various curses when it stopped in the middle of a cycle or otherwise failed to do its job. The new one is brilliant; not only does it actually work but it’s all digital which means the old machine’s problem of having the manual dial get stuck should never occur, what is more it’s faster, quieter and has a little numerical LED display on the front informing you of how long it’s got left to run – brilliant!

New header

You can’t fail to have noticed that I have a new header to my site. This came about after I was thanked for my help on the Xilo forum that I moderate on and someone suggested there be a logo/header competition for my site to allow people to chip in thanks in the form of designs. The winner or should I say the only entry came from Gary, but it’s very good in my humble opinion and so after a week or so of the competition running with no further entries it now has pride of place on my site. Comments are most welcome and big thanks to Gary for this lick of paint!

Blog reactions slowdown

A while ago I added and duly blogged about a blog reactions addition to my site. While this was a nice feature it wasn’t well used and seemingly was causing some quite severe slowdowns on the server – on occasion knocking this and other sites clean offline. This feature has now been removed from the site so hopefully the server slowdowns should stop and a faster service should resume for this site too. I’d like to take this opportunity to apologise to other users and sites on the server for any slowdowns or outages and for not spotting and rectifying this sooner.

