Books

Books

03 September 2006

Janus Project PC can scan 300 WiFi networks at once


A wireless hacking computer that can't be hacked

Humphrey Cheung

August 30, 2006 11:31



Las Vegas (NV) - If you think seeing a dozen wireless networks makes your computer the ultimate scanning box, think again. A small security firm has made a portable computer that is capable of scanning 300 networks simultaneously. Dubbed the "Janus Project", the computer also has a unique "Instant Off" switch that renders the captured data inaccessible.

The computer is the brain-child of Kyle Williams from the Janus Wireless Security Research Group in Portland, Oregon. We first spotted Williams sitting quietly and sipping Mountain Dew at the recently held Defcon security convention at the Riviera Casino in Las Vegas, Nevada. While it appeared as if Williams wasn't ver busy, the bright yellow Janus computer in front of him was scanning and capturing data from hundreds of wireless networks in range.


t first glance, the Janus computer looks like a laptop, but Williams said it is much more powerful than that. Inside the rugged yellow case sits a mini-computer motherboard powered by a 1.5 GHz VIA C7 processor and an Acer 17" LCD screen. Ubuntu 6.0 Linux runs the eight Atheros a/b/g Gold mini-PCI cards which continuously scan wireless networks. The mini-PCI cards are connected to two four-port PCI to mini-PCI converter boards. The wireless data is stored onto a 20 GB hard drive.


Kyle Williams, aka "Goldy", poses with his Janus computer

While the eight Wi-Fi cards are impressive, the Janus box also has two Teletronics 1 watt amplifiers along with external antenna ports in the back of the Pelican case. Williams made every port watertight by sealing them with epoxy and silicone. "When the lid is closed, it is essentially waterproof," said Williams.

So what does all of this wireless firepower provide? The Wi-Fi cards allow Williams to continuously scan and capture traffic from any wireless channel. Williams likes to continuously dump the raw network traffic to the hard drive, while running the Kismet scanner to get a "bird's eye" view of the area. From his Riviera hotel room and using a 1W amplified antenna, Williams said his Janus computer was able to capture data from 300 access points simultaneously. He said over 2000 access points were scanned and 3.5 GB of traffic was captured during the entire convention.

In addition to scanning for wireless traffic, Williams says the computer can break most WEP keys very quickly by focusing all eight wireless cards on the access point. Using a combination of common utilities like airreplay, airdump and aircrack, Willams said, "When I use all 8 radios to focus in on a single access point, [the WEP key] lasts less than five minutes." However, he added that some retail wireless access points will "just die" after being hit with so much traffic.

In addition to the capturing process, the hard drive and memory contents are continuously encrypted with AES 256-bit keys. There is also an "Instant Off" switch that, according to Williams, renders the captured data inaccessible to anyone but him.

Williams and his friend Martin Peck optimized the OS crypto software to take advantage of the C7's hardware crypto engine. During normal operation the operating system loops the XFS file system, along with the swap partition, through the AES 256-bit encryption. For added security, the encryption keys are rotated throughout the entire memory space.

After the Instant Off switch is hit, a USB key with a 2000-bit passkey and a manually entered password are needed to access the computer. Williams said that even if someone managed to grab the USB key, they would still have to "torture or bribe me" to get the password.

Williams is improving the Janus computer to crack wireless networks even faster. He is optimizing software routines to use the C7 chip to crack WPA and WPA2 protected networks without the use of Rainbow tables. He is also working on breaking SHA1 and RSA encryption in a single processor instruction cycle. Previous methods have required multiple clock cycles to go through one cracking pass.

Williams told us that he has spent a few thousand dollars building the Janus computer and hopes to make his money back by selling commercial versions to big companies and government organizations. "Maybe one day I could get the military to be a customer," said Williams.


http://www.engadget.com/2006/08/31/janus-project-pc-can-scan-300-wifi-networks-at-once/
http://www.tgdaily.com/2006/08/30/defcon2006_janus_project/

01 June 2006

Dr. M dedah rahsia cemerlang dalam pelajaran

PENDANG 31 Mei - Bekas Perdana Menteri, Tun Dr. Mahathir Mohamad mendedahkan rahsia kejayaannya menjadi seorang doktor perubatan kepada 404 pelajar yang mengikuti projek Kem Kedah Gemilang di Maktab Rendah Sains Mara (MRSM) di sini, hari ini.

Menurut beliau, antara rahsianya ialah membaca sesuatu subjek itu berulang kali walaupun timbul perasaan jemu untuk berbuat demikian.

``Ketika belajar di universiti dulu, saya hanya dapat 3A sedangkan ramai rakan yang lain dapat 6A dan 7A. Mereka perli saya supaya balik dan jangan belajar di universiti itu lagi.

``Bagaimanapun, saya memperkuatkan azam dengan membaca dan terus membaca berulang kali sehingga saya boleh menggambarkan muka surat yang saya baca itu di atas kertas peperiksaan,'' katanya.

Beliau berkata demikian ketika menyampaikan ucaptama dan menutup kem tersebut.

Seramai 404 murid tahun enam dari 33 sekolah rendah yang berpotensi mendapat 5A pada Ujian Penilaian Sekolah Rendah (UPSR) tahun ini dipilih mengikuti kem empat hari itu sejak Ahad lepas di MRSM Pendang.

Ia dianjurkan Ahli Dewan Undangan Negeri Sungai Tiang, Suraya Yaacob dengan kerjasama Majlis Guru Besar daerah Pendang dan Pejabat Pelajaran daerah Padang Terap/Pendang.

Pada majlis itu Persatuan Bekas pelajar MRSM (Ansara) menyumbang RM10,000 untuk Pusat sumber MRSM Pendang.

Turut hadir ialah isteri Dr. Mahathir, Tun Dr. Siti Hasmah Mohd. Ali.

Dr. Mahathir seterusnya berkata, tidak ada jalan singkat untuk berjaya selain memperbanyakkan bahan bacaan dan melakukan ulang kaji secara kerap.

Dalam pada itu, beliau mahu pelajar lelaki supaya lebih rajin untuk menyaingi pelajar perempuan dalam pelajaran berikutan penguasaan kaum itu 60 peratus di universiti pada masa ini.

``Sebagai lelaki, golongan itu mempunyai tanggungjawab lebih besar daripada kaum perempuan dan sebab itu hendaklah lebih rajin,'' tegasnya.

Sambil berseloroh beliau berkata: ``Takkan nak kahwin misyar kot. Kenalah belajar betul-betul, malulah.''

Selain itu, beliau menasihati para pelajar supaya menuntut ilmu bukan untuk lulus peperiksaan semata-mata sebaliknya berazam untuk mengubah nasib orang Islam yang semakin ditindas di dunia ini.

Katanya, negara Islam yang menguasai ilmu dapat membantu negara Islam lain daripada ditindas oleh musuh-musuhnya.

``Sebab itu kerajaan melaksanakan semula pembelajaran subjek Sains dan Matematik dalam bahasa Inggeris selain menguasai ilmu agama untuk pelajar kita bersaing pada peringkat global,'' katanya.

06 April 2006

Cortex Matures Faster In Youth With Highest IQ

Cortex Matures Faster In Youth With Highest IQ

Youth with superior IQ are distinguished by how fast the thinking part of their brains thickens and thins as they grow up, researchers at the National Institutes of Health's (NIH) National Institute of Mental Health (NIMH) have discovered. Magnetic resonance imaging (MRI) scans showed that their brain's outer mantle, or cortex, thickens more rapidly during childhood, reaching its peak later than in their peers — perhaps reflecting a longer developmental window for high-level thinking circuitry. It also thins faster during the late teens, likely due to the withering of unused neural connections as the brain streamlines its operations. Drs. Philip Shaw, Judith Rapoport, Jay Giedd and colleagues at NIMH and McGill University report on their findings in the March 30, 2006 issue of Nature.


The developmental trajectory of waxing and waning in cortex thickness differs as the brain matures in different IQ groups. Thickness of the area at the top/front/center, highlighted in MRI brain maps at left, peaks relatively late, at age 12 (blue arrow), in youth with superior intelligence, perhaps reflecting an extended critical period for development of high-level cognitive circuits. (Source: NIMH Child Psychiatry Branch)

"Studies of brains have taught us that people with higher IQs do not have larger brains. Thanks to brain imaging technology, we can now see that the difference may be in the way the brain develops," said NIH Director Elias A. Zerhouni, M.D.

While most previous MRI studies of brain development compared data from different children at different ages, the NIMH study sought to control for individual variation in brain structure by following the same 307 children and teens, ages 5-19, as they grew up. Most were scanned two or more times, at two-year intervals. The resulting scans were divided into three equal groups and analyzed based on IQ test scores: superior (121-145), high (109-120), and average (83-108).

The researchers found that the relationship between cortex thickness and IQ varied with age, particularly in the prefrontal cortex, seat of abstract reasoning, planning, and other "executive" functions. The smartest 7-year-olds tended to start out with a relatively thinner cortex that thickened rapidly, peaking by age 11 or 12 before thinning. In their peers with average IQ, an initially thicker cortex peaked by age 8, with gradual thinning thereafter. Those in the high range showed an intermediate trajectory (see below). While the cortex was thinning in all groups by the teen years, the superior group showed the highest rates of change.

"Brainy children are not cleverer solely by virtue of having more or less gray matter at any one age," explained Rapoport. "Rather, IQ is related to the dynamics of cortex maturation."

The observed differences are consistent with findings from functional magnetic resonance imaging, showing that levels of activation in prefrontal areas correlates with IQ, note the researchers. They suggest that the prolonged thickening of prefrontal cortex in children with superior IQs might reflect an "extended critical period for development of high-level cognitive circuits." Although it's not known for certain what underlies the thinning phase, evidence suggests it likely reflects "use-it-or-lose-it" pruning of brain cells, neurons, and their connections as the brain matures and becomes more efficient during the teen years.

"People with very agile minds tend to have a very agile cortex," said Shaw. The NIMH researchers are following-up with a search for gene variants that might be linked to the newly discovered trajectories. However, Shaw notes mounting evidence suggesting that the effects of genes often depends on interactions with environmental events, so the determinants of intelligence will likely prove to be a very complex mix of nature and nurture.

Also participating in the study were Drs. Dede Greenstein, Liv Clasen, Rhoshel Lenroot, and Nitin Gogtay, Child Psychiatry Branch, NIMH; and Drs. Jason Lerch and Alan Evans, Montreal Neurological Institute, McGill University.

18 February 2006

ASEAN "Association of Southeast Asian Nations"


ASEAN

Logo ASEAN
ASEAN, merupakan singkatan bagi "Association of Southeast Asian Nations" atau Persatuan Negara-Negara Asia Tenggara. ASEAN ditubuhkan pada 8 Ogos 1967 di Bangkok dengan tujuan untuk mengukuhkan kerjasama serantau. Negara anggota mengadakan mesyuarat pada setiap November.

Prinsip Utama ASEAN
Prinsip prinsip utama ASEAN digariskan seperti berikut:

* Hormat terhadap kemerdekaan, ketuanan, kesamaan, integriti jajahan dan identiti nasional semua negara
* Hak untuk setiap negara untuk memimpin kehadiran nasional bebas daripada campur tangan luar, subversif atau koersion (coerion)
* Penyelesaian perbezaan atau perdebatan dengan aman
* Menolak penggunaan ketenteraan
* Kerjasama effektif antara anggota

Ahli ASEAN
Kini ASEAN dianggotai oleh hampir semua negara di Asia tenggara kecuali Timor Timur dan Papua New Guinea. Negara negara anggota adalah seperti berikut:

* Brunei Darussalam
* Filipina
* Indonesia
* Kemboja
* Laos
* Malaysia
* Myanmar
* Singapura
* Thailand
* Vietnam

Sejarah
Untuk rencana lanjutan, lihat Sejarah ASEAN
ASEAN ditubuhkan oleh lima negara pengasas; Indonesia, Malaysia, Filipina, Singapura dan Thailand di Bangkok semasa proses penandatanganan satu perjanjian yang dikenali sebagai Deklarasi Bangkok. Menteri luar ketika itu ialah Adam Malik (Indonesia), Narciso R. Ramos (Filipina), Tun Abdul Razak (Malaysia), S. Rajaratnam (Singapura), dan Thanat Khoman (Thailand).

Brunei menganggotai ASEAN pada 8 Januari 1984 iaitu seminggu selepas mencapai kemerdekan. Hanya selepas 11 tahun kemudiannya ASEAN menerima ahli baru. Vietnam menjadi anggota yang ketujuh pada 28 Julai 1995, Laos dan Myanmar menjadi ahli dua tahun kemudianya, iaitu pada 23 Julai 1997. Walaupun Kemboja sudah menyertai ASEAN bersama sama Myanmar dan Laos, Kemboja terpaksa menarik diri disebabkan masalah politik dalam negara tersebut. Namun, dua tahun kemudiannya Kemboja menyertai semula ASEAN pada 30 April 1999.

Timor Timur
Negara baru Timor Timur, dahulunya dalam Indonesia, terpaksa berhempas pulas untuk mendapat status pemerhati dalam ASEAN. Namun, banyak negara dalam ASEAN tidak menyokong penglibatan Timor Timur pada akhir 1990an atas rasa hormat kepada Indonesia. Myanmar, terutamanya, menentang pemberian status pemerhati kepada Timor Timur kerana sokongan Timor Timur terhadap perjuangan Aung San Su Kyi.
Sejak kemerdekaan Timor Timur pada Mei 2002, ASEAN telah banyak membantu negara baru ini. Timor Timur telah dijemput untuk hadir dalam beberapa mesyuarat ASEAN. Walaubagaimanapun, Timor Timur masih dilantik sebagai negara pemerhati.
ASEAN dianggar merangkumi 500 juta orang dan merangkumi kawasan seluas 4.5 juta kilometer per segi.

22 January 2006

Life as a Linux/Unix admin in a Windows world - PT1 The experience

Disclaimer
This article is not meant, in any way, shape, or form, to put down Windows Admins. Every group has bad eggs, and this is just me writing my experience with the "bad eggs." Please keep in mind, Part 2 of this article will go through my experiences with good Windows Admins, as well as bad. Not all Windows admins are morons, just like not all Linux/Unix admins are the l337.

Introduction

I have been a professional Linux/Unix Admin for about 7 years now. I actually started off as a Junior Admin at a Linux company. The experience there, taught me a lot, but also got me spoiled. You were made fun of if you used Windows.

At that company, every desktop in the building was running some distro of Linux. Except for one Exchange Server the Development Team used when writing an email client for Linux, and Solaris that would communicate 100% to exchange (yes before evolution did it, and before exchange 2000).

So basically I never had to argue about Linux/Unix stability, ease of use, etc.

I left the Jr. Admin Job to be a full-time Admin at a web development company. The company was awesome, everyone was super nice and to this day I say it was the best job; however it did have its rough areas.

Most of our projects were PHP, Java or ASP, so we ran apps like Tomcat, Websphere and Oracle Application Server (basically a souped up apache with Java built in).

I got hired to take care of all Unix/Linux machines, but little did I know that I was the only Linux/Unix Admin among 5 Windows admins...yes count em 5!

My First Incident with a Windows admin
Our windows admin always gave me a hard time about Linux. He always told me it was less stable, and much harder to work with.

To prove my point, I challenged him to an up-time contest. So he set up his own DNS Server to be a slave to the Master DNS I had just set up using Linux.

After about 120 days I get a call from our Windows admin bragging that my Linux DNS server went down. I was in shock. How the heck did this server go down? I had to have a look.

I went to the KVM switch to bring up my server. When the screen came up, there was a Windows log in prompt.

I was in disbelief. I actually checked all the connections to make sure they were correct.

Come to find out, my clearly labeled LNXDNS-server01, was the victim of a Win2k Server install by the same Admin I had challenged in the up-time contest.
He felt really bad when I asked if that was his way of trying to beat me in the uptime contest.

If your curious, the contest was a blow out. The Windows machine got a virus and failed around day 140. My Linux server went more than 400 days before I had to disconnect it when the company moved to a new location.

Actually, the first incident wasn't to bad. It was actually funny, more than anything.

More Issues
[before I begin this section, I'd like to stress that my jobs has always been great because of the people I work with]

One of the on-going issues was working with the 7 people in charge of the technical team. All of them were cool in there own way, but only one understood Unix/Linux. It was actually a little worse with him because he knew the basics because he, had been a Unix administrator many years ago.

Lets go into some of those issues:

Support

Now, this exact item can be a pain in the ass if your not running a commercial Unix or Linux. I am a firm believer in FreeBSD and some of the free Linux's. However, they do not have commercial support, this caused a lot of unneeded panic. This is how I handled the situation:

Boss: Do our CVS, FTP, PHP/Apache servers have support?
Me: No, they are running a very stable OS called FreeBSD, and they are backed up on a daily basis using a custom perl script I wrote that sends the backups to our fileserver via FTP.
Boss: Thats good, but why don't we have support contracts on these?
Me: Uh, not to sound harsh; but my job is to support these machines correct?
Boss: Yes, but still
Me: Well heres the thing, FreeBSD doesn't have official commercial support. You can hire someone to do this, but your basically going to get someone like me (with more or less knowledge) and pay a lot more money.
Boss: O.k, I see now. I am sorry about the misunderstanding, I am so used to having support on our Windows machines that it seemed odd.

Now this boss was very cool, and very open minded. The great thing is this made him think. Now we had 5 Windows admins, and we payed for every OS ($1000+) and also paid for the top level support contracts with Microsoft.


Now think about that. What the hell is the point of a Windows Admin with all that support? You would think that we could hire a person with basic Windows knowledge to take care of these machines and call support when needed. Or we could have the guys we already have, and not pay for the support. The Windows world is a very confusing place. I know my boss was thinking hard about these things after that conversation.

Virus Scanners

I have had this conversation with every boss except the ex-Unix Admin boss. The conversation usually went like this:
Boss: Windows Admin-A tells me we don't have a virus scanner running on any of our Linux or Unix machines. I need you to find how much this will cost us, and give us a estimate on the time it will take.
Me: There is a reason why we don't run a Virus scanner; because its not needed.
Boss: Why is that? (Keep in mind the Windows Admin did this knowing we didn't need it, think he thought it was funny)
Me: Well none of the Linux machines are fileservers or Email Servers
Boss: So? They are still exposed to the outside world, we have Windows machines that aren't Email or Fileservers and they need and have virus scanners.
Me: Thats true, but Apache, Oracle, Websphere etc are not easily exploited as IIS or any other Windows service. Virus's, just don't exist in the Unix/Linux world like they do in Windows. When a Linux/Unix machine is exposed to the world, I do my job by locking it down and turning off easily exploited services like telnet, talkd, ftp , dns etc. The only thing we have to worry about are rootkits, and I have plenty of measures to stop them and to alert me if we catch one.
Boss: How much did that cost us, and what is the software called.
Me: All of the software was free. I use chkrootkit and Tripwire.
Boss Uh, O.k. Sounds good (has a confused look on his face)

Thes situations were not to bad, but it becomes annoying. It really makes you want to beat your head against the wall when your boss who happens to run the technical side of the company ask questions like this. Man I need to get into management somehow.

Getting Excluded because your a threat
The incident I'm about to write about could of been avoided if I had been involved at the start. Anyway this is a combination of issues with other admins, and power.

It all started when we got a new client, and I mean a big client. The client was to buy all the hardware, software and support as suggested by us. Now, the project is 100% Linux, so you would think they would bring in the Linux Admin to help make the decision right? Well, they didn't. The current "manager" I had, was put in charge of the group. Sort of the head administrator.


Anyway the sales guys brought him in, (they didn't know the difference between OS's and admins) and asked him to help. Usually when this happens we will all have a meeting a discuss it, not this time.

The first thing that went wrong was the sales people brought in Experts, who brought in there own experts. The project was a Oracle/Oracle application design. We needed a production environment, patch, dev, test, standby and failover! IBM came in and brought their friends VMWare along. In the end, my manager came out with 3 machines, 3 copies of VMWare ESX, and 5 copies of Redhat AS 2.0.

Had I been consulted, the company could have saved about $15,000 (yes thats right) and ended up with the correct hardware/software combinations of 3 machines, 1 copy of VMWare, and 3 copies of Redhat AS 2.0.


So I can let that slide as not my problem. However it was a problem when the manager laid out what we are going to do:

Machine one (PROD): Install VMWare ESX and install 1 virtual OS. (yeah, I know whats the point of running vmware with only one OS)
Machine two: Install VMWare ESX and install 4 OS's (patch, dev, test and failover) - Not to bad, but don't like failover setup this way
Machine three: Install VMWare ESX and install 1 OS (again, the point of VMWare is?)

I questioned this, and he basically gave me a hard time. Saying it was the best way and that I had no clue what I was talking about because I have never used VMWare ESX. O.K whatever, I went around him. His Boss pretty much ignored me too.

Now the kicker, Production is running one virtual OS, and needs the Oracle database, and Oracle application running on it at once. According to my boss, the best way to do this is to cripple the OS by putting it on the second layer (layer one is VMWare, layer two is OS). Then, lets install 6Gigs of ram, but only allow the OS to access 3.5Gigs.


Now, you newbies out there may not know this but X86 hardware has limits, and Vmware has them to, so each process is limited to 3.5Gigs of ram (VMWare treats each OS as a process), thus we get limited use of the ram.


As you can guess, when we went live we saw a huge performance problem. We ended up installing another OS and Split the DB and Application. This helped out a lot, but could of been avoided from the start if we just didn't run VMware on it.


We could of had one machine running both apps and db, taking full advantage of 6Gigs of ram and be running at full speed un-virtualized. But, we were stuck with the setup. We couldn't destroy VMWare, and just go full Redhat because uptime for this client was important. Luckily the split was easy to do with VMWare.

The fact that we bought 4 licenses of Redhat for 1 machine is pathetic. Think about this, when you buy Redhat your paying for a license for one machine. So 1 license should work. Oh well, again not my problem.

In the end, the client turned out to be OK and the boss, manager and I ended up leaving. My boss, never saw me as a threat he was just doing the wrong job. He should of been managing another team. My manager, however, was very threatened by me. He would get new projects and never let me in on any of it. He would exclude me from meetings and all kinds of stuff.


So watch your back. If your company runs both Windows and Linux/Unix, and you know your way around both, be prepared for people to dislike you.

Oh no, I now have to take care of Windows too!
Just like every company back in those days, we had layoffs.


Everyone knew that I was a Unix/Linux Admin, but people later found out that I was capable of PHP coding and even Windows administration.


As we lost our PHP developers, and our ASP deployment Admins, I got stuck with the ASP Deployment. Nothing to complicated handling this stuff. However, 1 year later they laid off all admins and decided that since I could administrate both Windows and Linux that I will do both.

Being in charge of all machines has it perks and downsides. A big perk was that I had full control, and with this we (meaning me) decided it would be best to replace all Windows servers that could be replaced with Linux or FreeBSD.


I started small by moving our FTP servers over to BSD. Later, I converted all of our SourceSafe Servers over to CVS. The developers loved me after converting to CVS! Our firewall was nothing complicated, so I moved this over to. Man everything was Linux/Unix except our email. And there was no way I would get around this.

With all the perks mentioned above I must mention the downside... That Exchange 5.5 server was hell.


I knew nothing about it. Adding new accounts at first was a total pain in the butt. On top of that the storage area was running out of space, and people refused to delete email (small company, so they got away with it).


So, I did some searching one day and found that there was a exchange Log directory with over 15 gigs of used space! OMG, wtf. These logs were old, I mean like 3+ years old.


So, like any Unix Admin I did some cleanup. I deleted half of the logs and thought everything was cool. 20 minutes later email is down, WTF. Apparently the logs, were not just logs but journaled data or something odd like that. Now that is weird.


Microsoft needs to learn to name things differently. Logs should be logs, and should be there just for history. 25 hours later (yes I worked 25 hours straight), after talking to MS morons for 7+ hours (keep in mind they charge for this) I got email back up with almost nothing lost. This was a huge nightmare.


First off, we had no backup server. We were running so low on money that we couldn't afford to fix the backups. Second, this email was important, we are talking 5 years of email for every employee. After this, I made sure to read up on any changes. I won't even go into the nightmare of me converting from Exchange 5.5 to 2000. Granted the machine after that is more stable, but it was hell converting.

People who get that you know your stuff
This can be good and bad. As a Unix/Linux Admin, people know that I am capable and will take advantage, especially the Windows admins.

Now, we had a situation where a file needed to be transfered via FTP from a Windows box to a Linux box. Well apparently the Windows Admin thought it would be better if a script was written on the Linux machine. So I had to write a script to go and get files, rename them etc. I also had to do the opposite, no big deal but as you can see the Windows Admin sort of proved me right by basically saying its easier to do this stuff on Unix/Linux machine than it is on Windows . In fact you can see the simple script I wrote in our forums.

I had this kind of stuff happen all the time, and I gladly did them. Why? Because it shows my co-workers that Unix/Linux are better, and that I am capable. So its a win/win situation. It may suck to do the work, but you know what that's my job even if the other guy is lazy. I have been at my company for 5+ years now and lived through close to 5 rounds of layoffs; wonder why I am still here while all the other admins got laid off?

The a$$hole Winblows admins
I've only worked with one really bad Windows Admin, but most of them have done stupid shit that just pissed me off.


As a Linux/Unix Admin you will be told frequently how the system you work with is old and outdated, complicated, and just plain stupid when compared to the great thing they call Windows. I have learned that you just have to nod, and not argue with them because its pointless. For every proof you show them, they will come back with some BS MS FUD. You could be mean, and say the system is easy, it's just that your so stupid you need to click shit to make a server run...but that wouldn't be good So do like me, and just not fight it. I have tried to fight it in the past and it was just pointless and got no where. Don't fight win fan-boys of any kind. And for the record, Linux fan-boys are just as bad as Windows fan-boys.

The Dumb-asses
OK, so a good Linux/Unix Admin will be jack of all trades when it comes to the computer world. Most will have some basic knowledge of just about everything. I want to explain a situation I ran into a few years back that made my jaw drop and got me so freaking frustrated.

We lost power, and I came in along with our Windows Admin at the time to check in on a 2 servers that didn't come up automatically. One Windows and one FreeBSD.


Windows Admin goes to his and to his surprise the Windows machine is going in reboot loop. BIOS, OS start, reboot, BIOS, OS start reboot etc, basically a file system error occurred that was fixed by booting into safe mode and running scan disk I believe.


So we go to my machine and its hung at the BIOS level. I turn it off and turn it back on, same thing. Right after the memory count, and before the SCSI initialization it hard locks. Hrmm, that's weird. I show Windows Admin who laughs at me. This is how the conversation went:

Win Admin: Damn unstable Linux, if that thing was running Windows you would of been able to easily fix it.
Me: Huh (keep in mind, this guy has A+ certification so he should know how a computer works)
Win Admin: System won't even start to boot, Linux really bit the dust that time ha ha.
Me: Hey smart guy, you are aware that it hasn't even tried to touch the Master Boot Sector?
Win Admin: Like I know that Linux crap, you don't have to worry about that crap in Windows.
Me: OMG (I start laughing).
Win Admin: Whats so funny?
Me: Let me get this straight, your A+ certified correct?
I then go on to explain that the issue is not a OS, but at the hardware level. And I also taught him what the master boot record was.

Now all Windows admins are not this way, but in my experience most of them don't know half about OS's or Hardware then your average Unix/Linux user. So keep this in mind. We are a rare breed, in a dumbed down world. Don't blame the Win Admins, blame MS for making crappy and un-open software so they can make money off of businesses (anyone and their dog could get MS certified).

07 January 2006

Behind the magic curtain

Next week Steve Jobs of Apple will grab media attention with another simple-looking stage show. Mike Evangelist tells the insider secrets of his gruelling preparation

Thursday January 5, 2006
The Guardian


If the chief executive of Cadbury-Schweppes speaks at a conference, or Nike's boss introduces a new kind of trainer, you might expect to see it covered in specialist magazines, then quickly forgotten. But on Tuesday a chief executive will stand up and announce something, and within minutes it will be scrutinised across the web and on stockbrokers' computers. It will be in newspapers. They'll talk about it for months.

That chief executive is Steve Jobs, and I know why that speech makes an impact. To a casual observer it is just a guy in a black shirt and jeans talking about some new technology products. But it is in fact an incredibly complex and sophisticated blend of sales pitch, product demonstration and corporate cheerleading, with a dash of religious revival thrown in for good measure. It represents weeks of work, precise orchestration and intense pressure for the scores of people who collectively make up the "man behind the curtain". I know, because I've been there, first as part of the preparation team and later on stage with Steve.

Objectively, Apple Computer is a mid-sized company with a tiny share of its primary market. Apple Macintoshes are only rarely seen in corporate environments, and most software companies don't even offer Apple-compatible versions of their products. To put it another way, Apple is just bit larger than Cadbury-Schweppes and about the same size as Nike or Marks and Spencer in terms of annual sales.

Such comparisons come up short in trying to describe Apple's place in the world of business, because they leave out a key factor: Steve Jobs. That's something only one other company - the filmmaker Pixar - can claim. He's the closest thing to a rock star you will find in the world of business.

When Apple announces something new, people pay attention. This is due, in large measure, to Steve and the way he delivers Apple's messages. His preferred method of making major product announcements is at one of his public presentations, or "keynotes" as they are called inside the company.

Steve starts his preparation for a keynote weeks in advance, reviewing all the products and technologies he might include. Although development and release schedules are set far in advance, he still has to satisfy himself that the chosen products are keynote-ready. For software, this can be hard to decide: the engineering work is usually still underway, so he will make a preliminary determination based on seeing unfinished software. More than once this has caused some tense moments in rehearsal when programs haven't behaved.

Baptism of fire

My first experience of this preparation came in the runup to the Macworld Expo keynote of January 2001, which was to include new Macs able to burn DVDs - then an amazing capability. Steve wanted to show off the new software, iDVD, that could do it. As I was the product manager for Apple's DVD software, I had to organise everything that Steve would need.

The team and I spent hundreds of hours preparing for a segment that lasted about five minutes. Several weeks earlier Steve summoned me to demo the software, and highlight what I thought were its most interesting aspects. Of course he already knew most of this, but the process was still useful. He used the key points from these demos to mould his overall presentation and decide how much time each product would get.

Next, my team was given the task of locating movies, photos and music to be used when he created his sample DVD on stage. Most companies would just choose some clip art, or hire a video producer to make some simulated "home movies". Steve wanted material that looked great, yet was possible for an average person to achieve. So we called on everyone we knew at Apple to submit their best home movies and snapshots. Before long we had an amazing collection of fun, cool and heartwarming videos and photos. My team picked the best and confidently presented them to Steve. True to his reputation as a perfectionist, he hated most of them. We repeated that process several times. At the time I thought he was being unreasonable; but I had to admit that the material we ended up with was much better than what we had begun with.

Then came the process of the demo itself: what precise steps Steve should follow, whether the program should already be running on the computer, what sample movies to play, everything.

With the demo set, my role was to stand by in case of technical problems with the software, or if Steve wanted to change anything. This gave me the opportunity to observe what was going on around me. The big keynotes require a very large crew with separate teams for each major task. One prepares the room to seat several thousand people. Another group builds the stage with its motorised pedestals, risers, trap doors, and so forth. A third manages the stage lighting, audio and effects.

Yet another sets up and calibrates the state-of-the-art projection systems (complete with redundant backup systems), and a huge remote video truck parked outside has its own crew handling video feeds for the webcasts and playback of any video needed during the show. Then there are the people who set up all the computers used in the keynote, each with at least one backup that can be instantly brought online with the flick of a switch.

And of course there's the secrecy. The impact of Steve's presentations depends on surprise; so once the rehearsals begin, security people help keep the curious out and the secrets secret. It was fascinating to watch. No detail was overlooked: for example, while rehearsing the iDVD demo, Steve found that the DVD player's remote control didn't work from where he wanted to stand on the stage. The crew had to make a special repeater system to make it work.

So when Steve steps out on that stage, with its stark black-on-black colour scheme, and does his apparently simple demos, he brings the combined energy and talent of all those people and many more back in Cupertino, California, and channels it to the audience. It makes me think of a magnifying glass used to focus the power of the sun on one small spot until it bursts into flames.

Fast forward a year; much to my surprise I was asked to do a demo in the keynote. And then I really learned about demos. In mid-2001 I had been promoted to manage both the DVD products and Apple's professional video-editing software, Final Cut Pro, a new version of which was to be released in early 2002.

But Steve never does the demos of the pro software; he always relies on someone on the product team more familiar with its features and operation. The job fell to me. It turned out to be my lowest and highest point at Apple.

Steve usually rehearses on the two days before a keynote. On the first day he works on the segments he feels need the most attention. The product managers and engineering managers for each new product are in the room, waiting for their turn. This group also forms Steve's impromptu test audience: he'll often ask for their feedback. He spends a lot of time on his slides, personally writing and designing much of the content, with a little help from Apple's design team.

As each segment of the show is refined, Steve and his producer edit the slides live on a PowerBook so the revised slides can be used immediately. That day Steve was very methodical, going through every aspect of the show. He would test variations of content and flow, looking for the combinations with the most impact. When introducing a major new product, he also liked to show the TV commercial Apple would be using to promote it. Often these had been finished just minutes before rehearsals; Steve would sometimes preview alternate versions to gauge the team's reaction before deciding which to use.

Crunch time

On the day before showtime, things get much more structured, with at least one and sometimes two complete dress rehearsals. Any non-Apple presenters in the keynote take part on the second day (although they cannot be in the room while the secret parts - the unveiling of hot ticket hardware such as a new iPod or laptop - are being rehearsed.) Throughout it all Steve is extremely focused. While we were in that room, all his energy was directed at making this keynote the perfect embodiment of Apple's messages. Steve doesn't give up much of his personality even in rehearsals. He is strictly business, most of the time.

I had worked on my five-minute Final Cut Pro demo for weeks, selecting just the right sample material and honing (I thought) my delivery to a fine edge. My boss and his boss were there for moral support. Steve, as was his custom, sat in the audience. I was very nervous, and having Steve's laser-like attention concentrated on me didn't help. About a minute into the demo, Steve stopped me, saying impatiently, "you gotta get this together or we're going to have to pull this demo from the keynote."

I was devastated. I didn't even know how to respond, or if I should respond. Mercifully my boss and Phil Schiller (Apple's head of marketing, and a frequent keynote presenter) came to my rescue. Over the next few hours they worked with me to polish my demo. More importantly, Phil gave me some great advice: "Those 6,000 Mac fans out there in the hall aren't against you, they're the best friends you can have." The next day at final rehearsal, Steve watched me again. This time he gave it his nod of approval. It felt great; but the real work was yet to be done.

Next morning, as I sat in the front row waiting for my turn on the stage, the full weight of the event hit me. There were several thousand people in the room, and approximately 50,000 watching the webcast. It was the very definition of pressure. Steve started the segment that preceded mine, and my heart started pounding. I felt those hundred thousand eyes all about to be focused on me and feared I would crumble. I had done a bit of public speaking before, but nothing like this.

The assistant producer came over to me to guide me to the stairs at the side of the stage. I stood in the dark, watching Steve put up the slide that introduced me. Just then a wonderful thought hit me; in five minutes the whole thing would be over. If I could only keep going for five minutes I would be fine. I bounced up the stairs and on to the stage, and everything was suddenly OK. The demo worked perfectly, the audience seemed to love the product, and their applause was an incredible adrenaline rush.

When it was over I received many compliments on how well it went, including the one I prize the most, from Steve himself.

In the following months I was on stage for two more keynotes, and each time was incredibly grateful for the apparently harsh treatment Steve had dished out the first time. He forced me to work harder, and in the end I did a much better job than I would have otherwise. I believe it is one of the most important aspects of Steve Jobs's impact on Apple: he has little or no patience for anything but excellence from himself or others.

· Mike Evangelist left Apple in 2002 and is writing a book about his time there, provisionally called Jobs I've Known, live on his site, www.writersblocklive.com



05 January 2006

A Naive User's Guide to Running Windows More Securely

Like a lot of people who have worked in the business, I find myself in conversations about computer security with people who are having problems or know people who have problems. I wrote this to save me from explaining the same thing over and over again to different people, and to save them the trouble of having to make notes as we talked. It was meant to be something you could give to a 'naive user' and have them be able to read and follow it more or less unaided, and while not being a complete guide, at least be something that made them more secure than before they got it.



What is the danger?

That a machine will have 'malware' loaded onto it. This will then allow criminals to use it to send spam (often promoting pornography), hack other computers, make it dial up premium rate numbers, or steal information from it, including bank account numbers and passwords. In bad cases bank accounts can be stolen, in extreme cases identity theft is possible. The risks are mainly financial, but if a machine is captured by pornographers, they may also be legal. In the UK, for example, the existence of some kinds of material on a computer is going to be a strict liability offence. The onus is going to be on the holder to prove he/she was not the agent/owner, and it may not be easy.

How bad is it?

Bad and worsening. Here is one example. USA Today, in November 2004, set up 6 machines on the net and observed the results. In two weeks they attracted 306,000 attacks, and an XP SP1 machine was broken into in four minutes. The Denver Post did the same thing in February 2005, and attracted 45,000 attacks in a week. This is the risk from simply being connected. To it, you have to add user actions - unwittingly visiting fraudulent and malicious sites, receiving malicious emails or attachments. There have been 100,000+ Windows viruses, 2,500 Windows spyware releases, and some studies show 80% of home PCs may be infected with spyware broadly defined. The latest thing is Windows rootkits - essentially undetectable infections.

Who is at risk, and from who?

Anyone connecting to the net with Windows 95, 98, ME, or XP with Service Pack 1 or lower. Broadband makes the risk much greater. Fully up to date versions of XP SP2 are much less at risk. People running Unix based systems (including MacOS and Linux flavours) are much less at risk. People running firewalls are also much less at risk.

Basically, connect Windows XP SP1, 98 or 95 to the net without a firewall, and the evidence is, you'll likely be hacked within an hour. You are almost certain to get infected if you (or your children) use music sharing software, or if you agree to download and install software as a condition for free access to some kinds of services. Downloading ring tones for mobiles is a common source of infection. Downloading bootleg software (so called warez) is another.

You can find out how secure your machine is to some kinds of attacks by going to Steve Gibson's Shields Up site: https://www.grc.com (go to the Shields Up section) to test the vulnerability of your firewall and system. Recommended. This tells you about liability to incoming attacks. Leak Test, from the same site, will tell you whether your firewall protects from outbound leakage.

The perpetrators are mostly criminals in it for profit. The days of the amateur teenage hacker in a suburban bedroom are over.

If I follow these recommendations am I safe?

No. You are safer. You are still running an Operating System with a proven record of security faults in a network environment. And this guide is not a complete account of the subject.

Are there alternatives to these recommendations?

Yes. Plan B is: go to a Unix based Operating System, like Linux or MacOS or one of the BSDs. Here are some thoughts on this one.

It helps because there's been far less malware. Probably under 50 real viruses for both MacOS and Linux, even less for Commercial Unix. Spyware is so far unknown (according to Webroot).

Linux or BSD will run on your existing machine side by side with Windows. It is also free, so this is the cheapest of the Plans B. However, don't try moving to Linux or a BSD without help. Your helper should agree to be available for support for six months after the installation. MacOS, which is similarly or maybe more secure, and also Unix based, one probably can do unaided. But you need a whole new computer for it, and new versions of your applications, so it gets expensive. The Mac Mini is worth considering if you are tempted.

The best bet in Linux/Unix for the end user is probably PCLinux, available free for download over the net as a single CD iso. Mepis is also very good. Either will come, free, with all the applications you are likely to need, including Office packages. Maybe fewer games than you would like. In BSDs, PCBSD and DesktopBSD are end-user oriented distributions. They are so far a lot less popular than the Linuxes.

How to safeguard Windows? Four rules go a long way.

Rule 1. Use a limited user account for normal work, and for connection to the net. Never connect from an account with administration privileges.

How to do this. Use the Users and Passwords control panel to create a new Administrator account. Reset your current account to limited user. Then only use the Administrator account to manage the system, install software etc, and then sign off. Never connect to the net when signed on as Administrator, except to do Windows Update. Enable privacy between user accounts, and have separate user accounts for everyone who uses the computer. Make a separate dedicated limited user account for shopping & banking.

Why this helps. Any attacks made on you while on the net will have the same privileges as the account you signed on with. (There have been some exceptions, but this is mostly true for up to date systems). Administrator accounts can do anything at all to the system. Limited user accounts can do relatively little. Signing on as a limited user restricts the attacker's options. Microsoft's default on this is for you to sign on as administrator. It is as if, in an hotel, every guest key opened all guest rooms and the main safe, kitchen and boiler room as well. Change it.

Note1: Windows 9x has only one account, so this won't work with 95 or 98 or ME. Either upgrade to XP, but its not simple, or consider buying Anti-Executable from www.faronics.com. Learn to use it to lock down your machine. Note that I have not used this package - the recommendation comes from the product specification, user guide, and testimonials. Also use ZoneAlarm (below) to disconnect from Broadband when not actively using it.

Note2: Some older software, and all CD burning software, will have problems running as a limited user. Use the 'run as' function (right click on the program icon) to run them as Administrator.

Rule 2. Connect to Broadband via an ADSL Router, never just an ADSL modem.

How to do this. Either ask your provider to supply Broadband with an ADSL Router, or buy a combined modem/router yourself (cheapest by mail order). Make sure you have the right PC ports to connect it up and that you get cables. If you have a choice, use an Ethernet connection, in preference to USB. Find out how to address the hardware firewall it will have in it, and set it to high protection if it isn't already.

Why this helps. If you just connect via a modem, your machine will be visible to hackers worldwide. If you use a Router, it will use a private address for your machine, and the only thing visible on the net will be the Router (a much harder target). If you set the hardware firewall to high, the router also will be invisible.


Rule 3: Only use secure software.

This falls into three parts.

First, don't use the chronically insecure Microsoft Explorer and Outlook; get (free) Mozilla Firefox (Web) and Mozilla Thunderbird (Email). Also get the Firefox Spoofstick plugin and Adblock to guard against phishing. One or two UK banks require Explorer, and firewalls off. Avoid them. Use Mailwasher to screen and delete unwanted mail on the server.

Second, get the following:

ZoneAlarm is a free software firewall. You do need this as well as the router hardware firewall. Replace the weak XP built in firewall with it. Use it to disconnect from the net when inactive, and to control outbound traffic from applications.

AVG is a free anti virus package (Kapersky and McAfee are also very good, paid packages). Update at every connection.

AdAware & Spybot Search and Destroy are free anti-spyware packages. Get both, and update at least weekly. Microsoft's own anti-spyware package is free and highly rated. Webroot's Spysweeper is a paid, well regarded package, as is Pestpatrol. One anti spyware package is definitely not enough. Find all these by using Google, or on Tucows. Also, install SpywareBlaster for real time protection, but still sweep with the others weekly.

If using Anti-Executable, I wouldn't rely solely on these scans, to clean up the system first, but would do a clean Windows reinstall as explained later.

WinPatrol is also highly rated, and protects against some system parameter changes.

Third, keep Windows up to date using the Windows Update control. You'll have to sign on with an account with admin privileges. Check out Sans Institute Internet Storm Center, 'Windows XP, Surviving the First Day', for instructions on doing this safely - find it using Google. This helps because security updates for Windows come out often - as more holes are discovered and exploited. The quicker you get them in, the shorter the time you are at risk.

One should also disable insecure Windows services, as Greene's book (below) explains. And never install anything when prompted to do so by a web site or email.

Rule 4: Keep as much personal information as possible off the machine, on paper.

Never have your browser remember passwords or logon information. Never keep NIS numbers, passport numbers, drivers license numbers, bank account numbers or branch addresses on disk. Never use Quicken or MS Money to connect to your bank to download data. Never dispose of a PC with a hard drive in it: take out the drive first, and destroy hard drives before disposal.

If you have children, have a dedicated machine for gaming, music downloads, chat etc, keep no personal data whatever on it, and if you allow it to share the Broadband connection, firewall it off totally from the other machines. Consider using Anti-Executable or even DeepFreeze (also Faronics) on it. All this will be fairly technical, and will probably require professional help. It will be worth it.

Microsoft has just published the 'Shared Computer Toolkit' for making a machine safe for multiple users in a walkup environment. Professional help will probably be needed to install and use this, and it may be overkill for home users.

Reading.

Thomas Greene's book 'Internet Security for the Home and Small Office', is essential reading if you ever use Windows on the net, dialup or broadband, to bank or shop. Get it (from Amazon). Clear, detailed (lots of screen shots) how-to on hardening Windows. It explains how to disable insecure Windows services, which is a must, but which is too big a topic for these pages. Steve Gibson's site, see previous page, is worth a visit. Secunia and SecurityFocus are very good but technical. Wilders.org has lots of good links and clear explanations.

How to know if your machine is infected, and what to do.

You'll know because of slowdowns, crashes or unpredictable behaviour, especially of Explorer or Outlook, or because scans with anti-virus or anti spyware software tell you of infections. You may find lots of popups appearing, you may find yourself on sites which you have not clicked on. Your internet connection may be very active when you are not doing anything. Your ISP or other people may tell you your machine is sending spam. Trying to find out what is going on by Crtl-Alt-Delete may not permit you to examine running processes.

Take this very seriously and do not bank or shop online until fixed.

What to do? It used to be a very simple matter, get and run anti-virus software and keep it up to date. No more. In the last year, it has become decreasingly possible to be sure of having cleaned a badly infected Windows OS that one has booted from. The only method reasonably certain to succeed nowadays is, back up your work files to removable storage, then format and partition the affected hard drives and reinstall Windows, harden it, and then copy back the work files and reinstall software. I would personally do this by buying a new hard drive (Seagate Barracuda) with an OEM copy of XP, and starting from scratch. I would do the data backup by booting from Knoppix or similar Linux live CD.

Advice. Find a professional and say this is what you want done. If he tells you it is not necessary, and that simply running AdAware etc is enough, well, it may be. But there again, it may not be. The question is, how much do you want to bet?

I would demand (and pay for) a clean install...

Appendix: where does this problem come from?

If you are just trying to keep systems secure, this may seem a bit academic. But people do ask, so here is a very short account. First, to avoid being forced by anti-trust actions to give equal treatment to all browsers, Microsoft, during the 'browser wars', made Explorer part of the Operating System, and also linked Outlook to Explorer. This means it really cannot be removed. But it also means any vulnerability of Explorer or Outlook is a vulnerability of Windows. Second, it's the social culture of Windows use - in particular, the universal practice of signing on with Administrator privileges. This means any infection is automatically a system wide infection. Third, its to do with myriad vulnerabilities in the way Windows handles services. As an example, the recent wmf flaw enables graphics, regardless of browser, to carry malicious code. This is because of flaws in the way thumbnails and graphics rendering is done in Windows. RPC (Remote Procedure Calls) is another example.

Bottom line: it is not going to go away any time soon.

Caveat

I've taken care over this, but its a very brief guide to a very complicated and rapidly changing subject. I can't be responsible for any inaccuracies or any consequences of following these recommendations. Do not follow them blindly. Verify first, and then use them only as the basis for formulating your own security policy, and arriving at your own list of dos and don'ts.

--Alcibiades

02 January 2006

100 things we didn't know this time last year


Each week the Magazine picks out snippets from the news, and compiles them into 10 Things We Didn't Know This Time Last Week. Here's an end of year almanac.

1. The UK's first mobile phone call was made 20 years ago this year, when Ernie Wise rang the Vodafone head office, which was then above a curry shop in Newbury.

2. Mohammed is now one of the 20 most popular names for boys born in England and Wales.

3. While it's an offence to drop litter on the pavement, it's not an offence to throw it over someone's garden wall.


4. An average record shop needs to sell at least two copies of a CD per year to make it worth stocking, according to Wired magazine.

5. Nicole Kidman is scared of butterflies. "I jump out of planes, I could be covered in cockroaches, I do all sorts of things, but I just don't like the feel of butterflies' bodies," she says.

6. WD-40 dissolves cocaine - it has been used by a pub landlord to prevent drug-taking in his pub's toilets.

7. Baboons can tell the difference between English and French. Zoo keepers at Port Lympne wild animal park in Kent are having to learn French to communicate with the baboons which had been transferred from Paris zoo.

8. Devout Orthodox Jews are three times as likely to jaywalk as other people, according to an Israeli survey reported in the New Scientist. The researchers say it's possibly because religious people have less fear of death.

9. The energy used to build an average Victorian terrace house would be enough to send a car round the Earth five times, says English Heritage.

10. Humans can be born suffering from a rare condition known as "sirenomelia" or "mermaid syndrome", in which the legs are fused together to resemble the tail of a fish.

11. One in 10 Europeans is allegedly conceived in an Ikea bed.

12. Until the 1940s rhubarb was considered a vegetable. It became a fruit when US customs officials, baffled by the foreign food, decided it should be classified according to the way it was eaten.

13. Prince Charles broke with an 80-year tradition by giving Camilla Parker Bowles a wedding ring fashioned from Cornish gold, instead of the nugget of Welsh gold that has provided rings for all royal brides and grooms since 1923.

14. It's possible for a human to blow up balloons via the ear. A 55-year-old factory worker from China reportedly discovered 20 years ago that air leaked from his ears, and he can now inflate balloons and blow out candles.

15. Lionesses like their males to be deep brunettes.

16. The London borough of Westminster has an average of 20 pieces of chewing gum for every square metre of pavement.

17. Bosses at Madame Tussauds spent £10,000 separating the models of Brad Pitt and Jennifer Aniston when they separated. It was the first time the museum had two people's waxworks joined together.

18. If all the Smarties eaten in one year were laid end to end it would equal almost 63,380 miles, more than two-and-a-half times around the Earth's equator.

19. The = sign was invented by 16th Century Welsh mathematician Robert Recorde, who was fed up with writing "is equal to" in his equations. He chose the two lines because "noe 2 thynges can be moare equalle".

20. The Queen has never been on a computer, she told Bill Gates as she awarded him an honorary knighthood.

21. One person in four has had their identity stolen or knows someone who has.

22. The length of a man's fingers can reveal how physically aggressive he is, scientists say.

23. In America it's possible to subpoena a dog.

24. The 71m packets of biscuits sold annually by United Biscuits, owner of McVitie's, generate 127.8 tonnes of crumbs.

25. Nelson probably had a broad Norfolk accent.

26. One in four people does not know 192, the old number for directory inquiries in the UK, has been abolished.

27. Only in France and California are under 18s banned from using sunbeds.

28. The British buy the most compact discs in the world - an average of 3.2 per year, compared to 2.8 in the US and 2.1 in France.

29. When faced with danger, the octopus can wrap six of its legs around its head to disguise itself as a fallen coconut shell and escape by walking backwards on the other two legs, scientists discovered.

30. There are an estimated 1,000 people in the UK in a persistent vegetative state.

31. Train passengers in the UK waited a total of 11.5m minutes in 2004 for delayed services.

32. "Restaurant" is the most mis-spelled word in search engines.

33. Chelsea boss Jose Mourinho has only been in an English pub once, to buy his wife cigarettes.

34. The Little Britain wheelchair sketch with Lou and Andy was inspired by Lou Reed and Andy Warhol.

35. The name Lego came from two Danish words "leg godt", meaning "play well". It also means "I put together" in Latin.

36. The average employee spends 14 working days a year on personal e-mails, phone calls and web browsing, outside official breaks, according to employment analysts Captor.

37. Cyclist Lance Armstrong's heart is almost a third larger than the average man's.

38. Nasa boss Michael Griffin has seven university degrees: a bachelor's degree, a PhD, and five masters degrees.

39. Australians host barbecues at polling stations on general election days.
More details

40. An average Briton will spend £1,537,380 during his or her lifetime, a survey from insurer Prudential suggests.
More details

41. Tactically, the best Monopoly properties to buy are the orange ones: Vine Street, Marlborough Street and Bow Street.
More details

42. Britain's smallest church , near Malmesbury, Wiltshire, opens just once a year. It measures 4m by 3.6m and has one pew.
More details

43. The spiciness of sauces is measured in Scoville Units.
More details

44. Rubber gloves could save you from lightning.
More details

45. C3PO and R2D2 do not speak to each other off-camera because the actors don't get on.

46. Driving at 159mph - reached by the police driver cleared of speeding - it would take nearly a third of a mile to stop.
More details

47. Liverpool has 42 cranes redeveloping the city centre.

48. A quarter of the world's clematis come from one Guernsey nursery, where production will top 4.5m plants this year alone.

49. Tim Henman has a tennis court at his new home in Oxfordshire which he has never used.

50. Only 36% of the world's newspapers are tabloid.

51. Parking wardens walk about 15 miles a day.
More details

52. You're 10 times more likely to be bitten by a human than a rat.
More details

53. It takes 75kg of raw materials to make a mobile phone.
More details

54. Deep Throat is reportedly the most profitable film ever. It was made for $25,000 (£13,700) and has grossed more than $600m.

55. Antony Worrall-Thompson swam the English Channel in his youth.

56. The Pyruvate Scale measures pungency in onions and garlic. It's named after the acid in onions which makes cooks cry when cutting them.

57. The man who was the voice of one of the original Daleks, Roy Skelton, also did the voices for George and Zippy in Rainbow.

58. The average guest at a Buckingham Palace garden party scoffs 14 cakes, sandwiches, scones and ice-cream, according to royal accounts.

59. Oliver Twist is very popular in China, where its title is translated as Foggy City Orphan.

60. Newborn dolphins and killer whales don't sleep for a month, according to research carried out by University of California.

61. You can bet on your own death.
Full story

62. MPs use communal hairbrushes in the washrooms of the Houses of Parliament.

63. It takes less energy to import a tomato from Spain than to grow them in this country because of the artificial heat needed, according to Defra.

64. New York mayor Michael Bloomberg's home number is listed by directory inquiries.

65. Actor James Doohan , who played Scotty, had a hand in creating the Klingon language that was used in the movies, and which Shakespeare plays were subsequently translated into.

66. The hotter it is, the more difficult it is for aeroplanes to take off. Air passengers in Nevada, where temperatures have reached 120F, have been told they can't fly.

67. Giant squid eat each other - especially during sex.

68. The Very Hungry Caterpillar has sold one copy every minute since its 1969 publication.
More details

69. First-born children are less creative but more stable, while last-born are more promiscuous, says US research.

70. Reebok, which is being bought by Adidas, traces its history back more than 100 years to Bolton.

71. Jimi Hendrix pretended to be gay to be discharged from the US Army.

72. A towel doesn't legally reserve a sun lounger - and there is nothing in German or Spanish law to stop other holidaymakers removing those left on vacant seats.

73. One in six children think that broccoli is a baby tree.

74. It takes a gallon of oil to make three fake fur coats.

75. Each successive monarch faces in a different direction on British coins.

76. The day when most suicides occurred in the UK between 1993 and 2002 was 1 January, 2000.

77. The only day in that time when no-one killed themselves was 16 March, 2001, the day Comic Relief viewers saw Jack Dee win Celebrity Big Brother.

78. One in 18 people has a third nipple.

79. The section of coast around Cleethorpes has the highest concentration of caravans in Europe.

80. Fifty-seven Bic Biros are sold every second - amounting to 100bn since 1950.

81. George Bernard Shaw named his shed after the UK capital so that when visitors called they could be told he was away in London.

82. Former Labour MP Oona King's aunt is agony aunt Miriam Stoppard.

83. Britain produces 700 regional cheeses, more even than France.

84. The actor who plays Mike Tucker in BBC Radio 4's The Archers is the father of the actor who plays Will Grundy.

85. Japanese knotweed can grow from a piece of root the size of pea. And it can flourish anew if disturbed after lying dormant for more than 20 years.

86. Hecklers are so-called because of militant textile workers in Dundee.

87. Pulling your foot out of quicksand takes a force equivalent to that needed to lift a medium-sized car.

88. A single "mother" spud from southern Peru gave rise to all the varieties of potato eaten today, scientists have learned.

89. Spanish Flu, the epidemic that killed 50 million people in 1918/9, was known as French Flu in Spain.

90. Ordinary - not avian - flu kills about 12,000 people in the UK every winter.

91. Croydon has more CCTV cameras than New York.

92. You are 176 times more likely to be murdered than to win the National Lottery.

93. Koalas have fingerprints exactly like humans (although obviously smaller).

94. Bill Gates does not have an iPod.

95. The first traffic cones were used in building Preston bypass in the late 1950s, replacing red lantern paraffin burners.

96. Britons buy about one million pumpkins for Halloween, 99% of which are used for lanterns rather than for eating.

97. The mother of stocky cricketer - and this year's Strictly Come Dancing champion - Darren Gough was a ballet dancer. She helped him with his pivots.

98. Nettles growing on land where bodies are buried will reach a foot higher than those growing elsewhere.

99. The Japanese word "chokuegambo" describes the wish that there were more designer-brand shops on a given street.

100. Musical instrument shops must pay an annual royalty to cover shoppers who perform a recognisable riff before they buy, thereby making a "public performance".