CCS-PK

If you got a new phone for Christmas (or even before) which has Bluetooth then take basic precautions otherwise you may be quite sorry. See this BBC article for one view.

Two important paragraphs in the article:

"The risk of being infected by Cabir is low because users must give the malicious program permission to download on to their handset and then must manually install it.

Users can protect themselves by altering a setting on Symbian phones that conceals the handset from other Bluetooth using devices."

In other words - think carefully before you install anything AND make sure you set the Bluetooth settings to 'hidden'.

These threats will only get worse and I expect future phones will come with anti-virus software as a basic part of the system. (Before the summer holidays might be worth a few pounds at the bookies.)

What a nice posting to end the year.

A final couple of Christmas-related items.

First, TV-Cream has a Top 100 list of toys. Divided into groups of 10 it is a UK-based look at toys over the years. Almost everyone will recognise some, if not most, of them.

Second, an article from PhysOrg (Physics site) that describes how - despite those skeptics - Santa could manage to deliver the presents each year.

---

And this, being the last post for 2004 I should also say good luck for 2005 (pdf).

Hello again - Santa here one more time.

I am almost at the end of my trip round the world. I must admit I have lost track of how many homes I have visited and how many presents I have put out. I see that the 'Register' has written an article purporting to be an interview with my CIO - do not believe a word of it as I do not have a CIO - I am the CIO while my wife is the CEO.

But I just wanted to thank everyone who left food, drink and gifts for myself and the reindeer. You have all been very generous and it was much appreciated by us.

So for the last time this year, Merry Christmas.

And have a really great 2005 as well.

Hello again - Santa here for yet another post.

I am approaching the British Isles so I hope you are all tucked up in bed now otherwise I might have to pass your homes by - at least on the first fly past. Sleep well.

Merry Christmas.

Hello again - Santa here once more.

Those people at NORAD have been doing an excellent job as usual. They have been tracking me almost continuously since I started - although I managed to evade them briefly near the Kremlin but I bet they will not admit to that.

Still - why not take a look at the videos they have assembled so far.

That is all for now, Merry Christmas.

Hello there - Santa here again.

I have been delivering for a little while now and while I was checking my laptop I spotted the post your teacher made to his 'Quotes' weblog.

It is quite appropriate for young Hen and the other 'disbelievers' out there and quite funny too.

The elves have made millions of Christmas crackers over the last few months but not many have had such good jokes in them as that one.

Ah well - another rooftop coming up so I must get going - Merry Christmas all.

Hello there - Santa here.

I am just about to set off on my journey round the world and thought I would post a message here at CCS-PK again to wish you all a Merry Christmas. Your teacher very kindly gives me access to his weblog each year and this year is no different.

I hope that my message will bring a little cheer to this weblog after the rather gloomy (sorry Mr Pollock) postings this week about computer security.

One thing I want to mention is about how I manage this massive undertaking each year. Young Hen - and other skeptics - do not believe it is possible to visit every house around the world in just one day. Perhaps they should read the NORAD site where they come closest to the truth about me.

Never mind, I am not like Tinkerbell, I do not need people to believe in me in order to keep going. I just keep going

And now is a good time to do just that ...

See you later.

As this article in the Telegraph-Online notes, "Ever since Reg Varney, of 'On the Buses' fame, opened the first British cashpoint, in Enfield on June 27^th 1967, there have been worries about the security implications of making it easier to get your hands on your cash without making it easier for crooks to get their hands on it, too."

It also completely misses the point at the end when it says there's no reason why you should not use the same PIN for your credit card and cash card. That is exactly what you should NOT do because the thief who steals all your cards but has only seen you use your credit card will then know the code for all your cards.

Add this to the likelihood that PINs chosen by many people will be sequences like '1111', '2222', '1234' or '1357' and you have a system where the end-user is the weakest link.

Many people are worried that the banks are using this scheme simply to relieve themselves of the burden of dealing with fraudulent use. By presenting chip-and-PIN as safe and secure they will be able to say "not our fault" when something goes wrong and pass the blame back to the customer.

Take a look at this article at the BBC news site which highlights a concern that has been raised about the security of the 'chip-and-PIN' card security system being introduced in the UK this January.

Finally - this article by Wendy Grossman at the Inquirer makes for interesting reading as it discusses the fact that you DO NOT need to accept 'chip-and-PIN' cards but can request a 'chip-and-signature' card instead. When these are swiped at the checkout they do not require the retailer to obtain your PIN and thus work like the current system - nice.

The following list is copied directly from an article at Bruce Schneier's site. He is an expert on computer security and these are his updated rules for safe computer use. I have copied them here as I think the bullet format may be easier to read.

• General: Turn off the computer when you're not using it, especially if you have an "always on" Internet connection.
• Laptop security: Keep your laptop with you at all times when not at home; treat it as you would a wallet or purse. Regularly purge unneeded data files from your laptop. The same goes for PDAs. People tend to store more personal data--including passwords and PINs--on PDAs than they do on laptops.
• Backups: Back up regularly. Back up to disk, tape or CD-ROM. There's a lot you can't defend against; a recent backup will at least let you recover from an attack. Store at least one set of backups off-site (a safe-deposit box is a good place) and at least one set on-site. Remember to destroy old backups. The best way to destroy CD-Rs is to microwave them on high for five seconds. You can also break them in half or run them through better shredders.
• Operating systems: If possible, don't use Microsoft Windows. Buy a Macintosh or use Linux. If you must use Windows, set up Automatic Update so that you automatically receive security patches. And delete the files "command.com" and "cmd.exe."
• Applications: Limit the number of applications on your machine. If you don't need it, don't install it. If you no longer need it, uninstall it. Look into one of the free office suites as an alternative to Microsoft Office. Regularly check for updates to the applications you use and install them. Keeping your applications patched is important, but don't lose sleep over it.
• Browsing: Don't use Microsoft Internet Explorer, period. Limit use of cookies and applets to those few sites that provide services you need. Set your browser to regularly delete cookies. Don't assume a Web site is what it claims to be, unless you've typed in the URL yourself. Make sure the address bar shows the exact address, not a near-miss.
• Web sites: Secure Sockets Layer (SSL) encryption does not provide any assurance that the vendor is trustworthy or that its database of customer information is secure.
• Think before you do business with a Web site. Limit the financial and personal data you send to Web sites--don't give out information unless you see a value to you. If you don't want to give out personal information, lie. Opt out of marketing notices. If the Web site gives you the option of not storing your information for later use, take it. Use a credit card for online purchases, not a debit card.
• Passwords: You can't memorize good enough passwords any more, so don't bother. For high-security Web sites such as banks, create long random passwords and write them down. Guard them as you would your cash: i.e., store them in your wallet, etc.
• Never reuse a password for something you care about. (It's fine to have a single password for low-security sites, such as for newspaper archive access.) Assume that all PINs can be easily broken and plan accordingly.
• Never type a password you care about, such as for a bank account, into a non-SSL encrypted page. If your bank makes it possible to do that, complain to them. When they tell you that it is OK, don't believe them; they're wrong.
• E-mail : Turn off HTML e-mail. Don't automatically assume that any e-mail is from the "From" address.
• Delete spam without reading it. Don't open messages with file attachments, unless you know what they contain; immediately delete them. Don't open cartoons, videos and similar "good for a laugh" files forwarded by your well-meaning friends; again, immediately delete them.
• Never click links in e-mail unless you're sure about the e-mail; copy and paste the link into your browser instead. Don't use Outlook or Outlook Express. If you must use Microsoft Office, enable macro virus protection; in Office 2000, turn the security level to "high" and don't trust any received files unless you have to. If you're using Windows, turn off the "hide file extensions for known file types" option; it lets Trojan horses masquerade as other types of files. Uninstall the Windows Scripting Host if you can get along without it. If you can't, at least change your file associations, so that script files aren't automatically sent to the Scripting Host if you double-click them.
• Antivirus and anti-spyware software : Use it--either a combined program or two separate programs. Download and install the updates, at least weekly and whenever you read about a new virus in the news. Some antivirus products automatically check for updates. Enable that feature and set it to "daily."
• Firewall : Spend $50 for a Network Address Translator firewall device; it's likely to be good enough in default mode. On your laptop, use personal firewall software. If you can, hide your IP address. There's no reason to allow any incoming connections from anybody.
• Encryption: Install an e-mail and file encryptor (like PGP). Encrypting all your e-mail or your entire hard drive is unrealistic, but some mail is too sensitive to send in the clear. Similarly, some files on your hard drive are too sensitive to leave unencrypted.

Original link via BoingBoing.

Two music links to end the term.

The first asks the question - "Are White Synthesizers cooler than Black Synthesizers?"

The second link is to a page where Joseph Rivers has created a whole load of drum synthesiser simulations. When I checked there were machines from the 60's, 70's and 80's.

For those of you who celebrate, and are looking forward to Christmas, you might want to be reminded that NORAD will be tracking Santa again this year.

Here at CCS-PK Tower we are keeping our fingers crossed that Santa will have time to post a message or two via the blog while distributing gifts around the world. (See last year for example.)

The ever-resourceful Eric Harshbarger has built a working grandfather clock entirely from LEGO. The link takes you to the start of a sequence of pictures showing details of how the clock is constructed.

You can also visit his Lego site here.

---

A related bonus item for you - try this Digital Sundial which, like most sundials is a passive device and needs no electricity. A neat and simple idea that you wish you'd thought of for yourself and is based on something many of us have seen during childhood.

Additional - this post has been delayed because Blogger did not seem to want to publish from this account for most of today.

For those of you who celebrate, and are looking forward to Christmas, you might want to be reminded that NORAD will be tracking Santa again this year.

Here at CCS-PK Tower we are keeping our fingers crossed that Santa will have time to post a message or two via the blog while distributing gifts around the world. (See last year for example.)

Despite current worries over aircraft and terrorism quite a few US airports make available (almost) real-time radar information - some make historical data available too which can be viewed in "fast-forward mode".
San Francisco International Airport (SFO) has a nice site with links for both high-speed and low-speed connections as well as quite useful instructions on using the live map.

Here is my list of airports you can view, it starts with some of the more well-known places:

• John F Kennedy International (JFK)
• Los Angeles International (LAX)
• Boston Logan International (BOS)
• LaGuardia (LGA)
   
   . . . and now some other places . . .
   
• Teterboro (TEB)
• Nantucket Memorial (ACK)
• McCarran International (LAS)
• Bob Hope (BUR)
• St Petersburg - Clearwater International (PIE)
• John Wayne (SNA)
• Martin County - Witham Field (SUA)

Passur appear to be the company that provide the 'Airport Monitor' software that is used by a lot of places and this page has links to many of the airports.

Stalag-13 is the rather worrying title of a site that has a massive number of air-related links and has one page that makes it easy to switch between the different airports with airport-monitor in action. This is likely to be kept up-to-date as new airports are added.

---

NOTES
Be patient, it may take a little while to load all the data required when you first access an airport. Also, bear in mind that some airports will not allow night-time flights (due to noise restrictions for example) and make allowance for the time difference between you and them.

I've used some of the three-letter codes for airports in the description above. Back in March I posted an article about TLAs which had some links about airport codes which might be useful here.

The original link with ideas came from Boing-Boing.

Create your own 12-sided 3D calendar here - there's two shapes available.



This is a rhombic dodecahedron.

If you don't have a decent graphics program of your own - and we're not counting Paintbrush here - then creating interesting effects with pictures is difficult.

The Web-FX site can help.

It will take the URL of a picture and then apply one of quite a few effects directly in your browser. Afterwards you can save or copy the picture.

The example below shows an infra-red or bodyheat effect.

< & >

The first picture was found using Google images, the URL (web address) was then copied to Web-FX and the result was saved. Try it yourself.

 . . . older than you'd think.



This article by Charles Emerson Cook describes how Ernest A. Hummel came up with the idea in 1895 and had it working by 1898. (It includes some pictures too.)

I set this up almost two weeks ago - CCS-BB.

There are several users now but mainly older students - come on younger students.

You won't be able to use the system straight away as registration needs approval first - that's to stop any abuse - so although you can use nicknames we won't allow outrageous ones. We'll only register students and staff ... AND ... you'll need to provide your full name, form and email address when you register.

We'll do our best to process and register you as quickly as we can so be patient.

The name and form are so we can check back while the email address is so that we can sort things out if you forget your password. The email will not be made public although most other details will be visible to other registered users, eg. if you provide your MSN address for others to use.

Early users may well be asked to become moderators - currently there is one forum per year group but others can be added if you make a case for them.

I need suggestions for a ranking system that works for a school, get registered and send me a personal message via the board. And if you come up with a ranking system we'll need the graphics to go with it, at the moment it is a simple set of 'lights' showing how active you have been in posting.

Avatars - I've put a bunch in there but you can add your own.

Go on - try it.

Additional - added 1^st January 2005.
After I messed up an upgrade to a newer version this has been re-started from scratch.

Try this link at McGill University to a game called - 'EyeSpy'.

You have to click on the smiling face in a group of 16 faces. Sounds easy - try it for yourself. Apparently, the faster you manage the better you feel about yourself.

There's another little game on this site too, with the same theme of feeling good about yourself. It's called 'Grow Your Chi' - "become enlightened grasshopper".