Alternatives

I still mull over the wasted capacity of the paddocks to grow woodchip and the shanty town to store it. But a woodchip boiler is a big investment and while I suspect the prices won't come down, the features ought to improve as they become more common.

I need a reason to start planting willow coppice now, so I'm running an experiment. Every year I cut down the mass of decorative dogwood that the previous owner liked to contrast with the birches. She may have been right -- she certainly demonstrated that cornus does well here. This year, instead of burning the switches, I've shredded them to get a cubic metre or so of brightly coloured woodchip. It's sitting in a basket made of old wire fireguards, drying off, I hope, in the woodshed. Provided they don't ferment, and they don't seem to be doing that, I'm going to try them in the woodburner to see how they do.

[3 May -- Yes they are fermenting. Arses.]

The most likely outcome, I suppose, is that they'll have failed to dry, or they'll suffocate the fire. But the next most likely is that I've got two hundred pounds of low-grade firewood essentially for free, and that's going to have me sticking in willow slips in the wet part of next winter....

Nationwide Token Delivery

Huge excitement when Mrs U received a smartcard reader for her Nationwide online banking. (OK -- I was excited, and that'll do for the purposes of this post.) It's cheap and nasty -- made in PRC -- and she doesn't have much money in that account , so it looks like an all-customers rollout. I hope it's the proper APACS EMV style job that'll work on any UK payment smartcard. It would be too depressing if they fucked this up with proprietary gimmicks.

I'm really impressed by the potential of the smartcard+disconnected reader combo. It really opens up potential to use the same token -- the card -- for authentication on the PCs (directly with attached USB card readers), authentication on the SSL VPN with untrusted clients (no drivers needed with a disconnected reader and a OTP app on the card), and a building pass with HID coils built into the card. When I'm back at work, I hope to have some integrators lined up to show me what they can do.

Safe vs Free

As vanity/personal sites go, Things of Interest is one of the best. There's a lot of interesting things -- simple but sometimes provocative and robustly logical. Presenting Arguably the most important question of the decade as a poll -- Would you rather be "Safe" or "Free"? is in that style.

As a man I wanted to select "Free", but as a father, I wanted "Safe". But really I knew that the poll was wrong. Here's a mockup of my version.

Which would you rather be:Safe¹ or Free?

¹ Please note that preferring safety to freedom will not make you safer. However the corresponding loss of freedom will be delivered promptly and reliably.

Mind you. It's probably too late for "Free", as well.

Microsoft Abandons AD Shock!

The Microsoft Dynamics CRM product is probably on the shortlist for every greenfield CRM implementation. It's on ours simply because we've slipped a couple of versions in our existing system.

It's no surprise. The system, developed entirely internally by Microsoft, is a showcase for the options available for .net applications: SQL, IIS, Async, Workflow and the rest. It's a modern architecture and I think it would be fair to say that this is how MS expect applications to be built now. Which means that it also contains a really good joke.

Remember Active Directory? I do, in fact I'm pretty sure it was going to be at the heart of the modern enterprise. What that means is a question for another time, what's clear for now is that Microsoft doesn't believe it any more. Dynamics CRM 4.0 barely touches the AD after the user has authenticated. All the access control, all of the organisational structure is built entirely in the application data structures. Domain groups? We've heard of them!

I asked whether this put the DBAs into an access control role we've tried to limit to the helpdesk. The answer was a peach: the data are very normal, but none the less too complicated to edit by hand. And the DBAs won't have the access anyway...

Goodbye AD. Goodbye ACLs. Goodbye integrated access control. I never really believed, but for a while I did hope.

Blue Flash

Here's a fine end to a long slog. I've just started a couple of weeks off and walking home on Friday, just as I crossed the river, I saw a flash of blue zipping along under the bridge a foot above the water.

I'd never seen a kingfisher before, but I have now.

Mind you -- just in case it all seems too springy -- it's snowing thickly today, and there's more promised.

Time Based Rant

My Blackberry 8800 is a handy little device. It's subscribed to a UK GSM network (the UK networks all have reliable GSM time) and it's a GPS receiver (of course GPS is all about time to the microsocond).

So why does the clock displayed on the front drift four or five seconds in a day?

Tossers.

Busy March

Why so many posts in March? Simple -- Mrs U is spending my bonus on builders and I'm sleeping next to attic computer. Easy to post.

Spam Counter - 2008 March: 2,748

Replica Rolex, Gucci/Prada, penis drugs, gambling, diets and some rubbish phishing. That last is interesting as I've been seeing some very good quality spam directed at Google Adword customers.

Lust for Life in the Hedgerow

The willow benders I wove along the top of the lay are flowering in one last effort. They'll die as the wands dry out.

And Mrs U found a fine toad -- moist and warm -- waiting for insects to attack the lambs lettuce in the greenhouse.

Last Logon Time

I have discovered a fascinating little gobbet of truth about the Active Directory 2003 records of the time users last logged on. The summary is this:

• The Last Logon attribute tells us nothing useful. It's the time the user last logged on to the domain controller the query was run on. So if you run the query on a DC that doesn't do much authentication, you'll wonder why no-one has been logging on lately. Ignore this attribute unless you are gathering records from all DCs and selecting the latest...
• The Last Logon Timstamp is different. It's the time the user last logged on to any DC in the domain. Aha! Problem solved? Sort of -- because the attribute is replicated across the domain, you'll get the same answer, give or take replication time, regardless of the DC you query. The only little fly in the ointment, leaching dark fluids and tainted chitinaceous fragments into the smooth white emulsion, is that replication time. It's not a minute. Or an hour or a day or a week. It's a fortnight.

So the proper interpretation of this field is something like this:

• Blank: If the user has ever logged on, they must have done it in the last 14 days. Or perhaps they never have.
• Date: The user definitely logged on on that date, and may have logged on any time up to 14 days after.

In practical terms, that means your script purging not-used-lately or totally-unused accounts can't delete an account on the basis of a blank Last Logon Timstamp. If you want to delete accounts that have never been logged on, you'll have to find another way.

Sir Arthur C. Clarke

His death is the important news today. Rumours about bank liquidity are secondary.

Spam's Back (If it was ever away)

Google Mail has a spam detector that works pretty well for my purposes. All the spam that comes in gets purged into a separate folder and there it is in the folder list on the left: "Spam -- 900 unread". Of course, it doesn't mount up for ever: Google purges everything older than thirty days.

What this gives is a rather sensitive spammeter. Changes in the number of messages in my spam folder ought to track the amount of spam on the internet in the last thirty days.

The news is bad. Before Christmas, the level had been declining gently, down to 900-odd. The last time I looked it was at 2,350.

The reason it's worse than doubled is pretty clear. All of the subtly dissected images from last year's stock pumps have gone -- everything now is a mildly suggestive subject and a penis-pill link. Easy to send, easy to multiply, and with a spoofed address it looks just like "Mail this story to a friend" traffic, so it's devilishly hard to spot.

Autistic Happiness

Ours is the first age where autistic children can be happy.

It's because we have Google and youtube. Google is good -- it searches, and if you've got a special interest a search engine is part of what you need.

Youtube goes a little further. For certain we have the train videos posted by all the sainted spotters who have made the more mad son contented, stimulated and entertained from a nice safe indoor seat. That's very good. We have the Thomas videos -- very naughty, very welcome -- which have come back into his life now he's starting to get a glimmering of relationships and consequences. It goes further than that.

This picture shows why. It's the logo you'll find in the front of a lot of Thomas tapes from the eighties and nineties. Others are Strand and VCi. So it's no surprise I grabbed it off a youtube post.

What is a surprise is that this isn't the opening frames of a pirate post. It's from VCI Backwards, one of dozens of posts composed from these publisher's logos. No content, just the logos and jingles, forward, backwards, foreign variants, compilation sand the Dear knows what else.

And they're popular! VCI Backwards shows 31,000 viewings. My thesis is that the vast majority of those viewings is from ASD boys who have found whatever spark of interest lies in collection and comparison of these snippets.

Certainly Ravy D's a fan. He won't know to post fan art so I'm doing it for him: this is his interpretation -- perhaps tribute is a truer word -- of The Video Collection.

The original was created in Windows Paint as a 1.7MB BMP. This extract -- a 6KB GIF -- includes all the non-white content and was prepared in Irfanview.

Cider Outcomes

Well, the cider took. The mostly-Bramley fermented nicely to produce a splendid but very strong and tart drink by Christmas. The brew from the mostly-Spartan was slow to start and hasn't conditioned as well, and is indeed rather bland but just as strong and it softens the Bramley rather well. They're both still improving and drink very nicely in a fifty fifty blend in the glass.

Key point one seems to be that a pressure barrel is well worth the expense. Neither brew is as good after going flat in the fridge. And the second is that fining doesn't seem to make much difference -- it threw a lot of sediment but it was still cloudy. The unfined Bramley brew is probably the clearer of the two now.

The truly shocking thing is how much the supermarket bill has gone down after I started drinking homebrew. That decline in revenue is probably why Alastair had to put the booze tax up in the budget.

Terrorist Spies

I found out whether I believe in evil terrorists reconnoitring for their next target.

Rather to my surprise, it appears that I do.

At 06:50 I saw a clean-looking man in a hi-vis vest photographing an iconic tower, leaning back to get the upper parts in. After a few shots he hopped into a clean-looking, unmarked refuse lorry waiting at the curb and his mate drove him away. The photograph, the building just didn't hang together with the refuse lorry, and everything was really much too clean, so I noted the number of the lorry, and when I got to work, I wrote it all down.

I wasn't too happy with claiming that it was a terrorist planning exercise, though, so I tried it on a few people to see how it sounded. But I couldn't persuade myself it was even slightly normal and so I dropped it on the Met's reporting site.

Am I perhaps an hysterical old bat?