Django Forum Software

Note: This entry has been restored from old archives.

Update 2008-02-25 20:24: I’ve only made small progress on examining each of the options below as I haven’t had much time for personal projects in the last couple of months. An important point to note is that some of these didn’t work with Django-trunk, so certainly check that if you’re not working with the development version (conversely, some might not work with 0.96 I guess.) Note, from the comments, Antti Kaihola has created a “Django Forum Apps Comparison” on the django wiki, it’s well worth checking that out as it’ll be more complete and more up to date than my list.

I’ve been toying with a community site recently. The logical starting point for the code behind it is discussion functionality. The idea is to take some existing code that does “forums” well and use this as the kernel that the community site is built around. Nothing is ever so easy though, the ‘net and developer communities have grown so huge that we’re not talking a needle in a haystack but finding the right needle in a haystack full of needles. There’s a scattering of good needles, but a lot of blunt of downright broken ones.

I’ve locked myself into Django now, but even having already determined the web framework to use (i.e. choosing a smaller haystack) the task isn’t trivial. I think that a general issue here is this exact experience I’m having, people give up eventually, try to spin their own, get big ideas, publish their half baked code, and make it just a little harder for the next person trying to find pre-existing functionality. It doesn’t help that Django’s relatively young, I don’t make life easy for myself sometimes!

Here’s my small attempt to work against the trend. I’ve gathered a list of the Django forum/discussion software I’ve found and associated each project with any further useful information that might help the decision of which to use. I’ve filtered out anything that was clearly broken, but don’t know the level of completeness of everything listed here.

Also, I’m sure there’s other projects out there I’ve missed! I’ll update this page if I find anything new.

I’m not recommending any of these, maybe that’ll come later once I’ve actually decided which one to work with.

Ross’s Django Forum (the django-forum)

“Simple Django Forum Component”

This seems to be the most linked-to Django forum software out there. It seems basic, but I haven’t tested it or seen a demo. I’ve seen various blog comments commenting on either it’s “lack of features” or “ease of installation and use” — how many “features” do people really need?

Jonathan’s Django Forum

Almost got this one mixed up with django-forum above. At least it has a demo site! The demo looks like it has all the basic expected components working.

counterpoint

“forum written with django”

Very little information about this out there, the code is available though. I’ve seen a comment on a blog post from Nov 29th 2007 that says “missing much functionality”, it’s a young project though and that was a month ago.

snapboard

“Python Forum/Bulletin-Board for Django”
“SNAPboard: S(imple), N(imble), A(ttractive), P(ython) board”

In a way this one seems to do the best job of selling its self. The Google Code frontpage and wiki (documentation) are good. However activity on the project has dropped off and a new maintainer has come on board recently (December 11th according to a forum post).

Django Discussion (django-discussion)

“A generic discussion application for Django”

I’m guessing this is the same author as the second item in this list, pretty unlikely coincidence otherwise? Anyway, the code seems to be different, so a different project?

  • Google Code: http://code.google.com/p/django-discussion/
  • Owner: Jonathan Buchanan (Same author as the second forum in the list I’m guessing, but the code seems very different.)
  • Initial checkin: 2007-03-15
  • Latest update: 2007-12-08 (only 9 changes since creation, but recently active at least)

Diamanda “MyghtyBoard”

“Diamanda Wiki and Forum”

Diamanda isn’t only a “forum”, it’s a site-builder toolkit that contains a complete “forum” subcomponent called “MyghtyBoard”. The forum seems to possess all the expected features. Development started quite some time ago and was regular up until early 2007, reached a degree feature completeness maybe? A recent “bug report” is “rewrite code for better look and use” with the response “I will in time :)” (6 days ago).

Sphene Community Tools

“Django Forum Application and Django Wiki Application”

Like Diamanda, this is a toolkit that happens to include a forum. I’m assuming that the forum on their site represents a demo of SCT in action. This project looks like the most active of the lot and seems to be quite well documented.

ENDE

That’s the lot for the moment.

Cinnamon Square on Church Street, Rickmansworth

Note: This entry has been restored from old archives.

Cinnamon Square

Cinnamon Square


Coffee House: Cinnamon Square
Address: 9 Church Street, Rickmansworth, WD3 1BX
Rating: New Orleans equivalent (Sydney-Coffee Rating System)
Website | Map

Rewrite 2007-11-30: The espresso improves and I partake of it more often, a general re-write.

It isn’t entirely fair to rate Cinnamon Square as just a “coffee house”, their raison d’être is given by their catchphrase: “the theatre of baking”. That said, they have the distinction of providing the best espresso in Rickmansworth so I feel Cinnamon Square belongs here since they’re “my local”. Unfortunately “best espresso in Rickmansworth” is not, on it’s own, a great qualification. The competition is generally atrocious, although a couple of the Italian restaurants serve an excellent shot (but are not really accessible for the causal espresso).

The gory details: A Cinnamon Square espresso is high standard but not brilliant, rating at New Orleans to TBA equivalence. Cinnamon Square even comes close to filling the role in my life that both filled back in Sydney, being a short walk away from where I live and where I usually work. We have espresso at Cinnamon Square every Saturday we’re in town, when I’m working from home (permanently these days) I pop in once or twice every day, if they were open on Sunday it’d be every day of the week! Alas, the best local coffee place doesn’t follow New Orleans’s virtually “always open” hours.

Update 2007-12-30: Cinnamon square is now open on Sunday!

The length of the pour is usually appropriate but with too-frequent “fill the cup” efforts, and crema is normally full and firm. The coffee tends to the sour-bitter ends of the spectrum, but certainly not far and it is quite good. I don’t know the origin or age of the roast but it is fresh ground (the least you should expect these days). There’s potential for truly excellent espresso here, possibly just some grind, machine, and roast tweaks away. The most significant problem is barista training, which is usual for places that aren’t primarily coffee houses. Sometimes the head hasn’t been packed well enough and the volume of the pour swings between just-right and full-up (luckily the demitasse are small so full-up isn’t as bad as it could be).

The espresso covered, I can’t finish without mentioning the pusscakes[1] Their namesake product is evilly delicious, they’ve even won a “great taste award” for the “Sweet Fermented Bun” (aka “Cinnamon Square”). I have a hard time resisting these every time I go into the shop, especially since I love cinnamon, but alas a ball of sugary starches isn’t going to work out on my nutrition spreadsheet. The Cinnamon Squares keep good company with a selection of danishes, cupcakes, and other delights — we’ve never had a dud. They do well in the savoury department too, with beautiful breads and a range of lunches, the goat-cheese focaccia is excellent (but beware: their focaccia’s are huge). We don’t eat much bread but when we do fancy some this is where we go, they do a good range of large and small loaves and bake regularly.

If you’re in Rickmansworth and have a hankering for an espresso you can’t do better than Cinnamon Square, and you absolutely must try their namesake at least once. It’s also worth visiting just to see the cute little heritage-listed 500-year-old building they’re in — where even I bang my head on a padded rafter and can smugly think to myself: “Ho ho ho, I’m so tall.”[2]

Cinnamon Square, be there or be without a square!


[1] Pusscake: A term I picked up in my youth when labouring for a paver. Often I would be sent to the bakery “for pusscakes”, this pretty much meant anything sticky and sweet, but especially those containing cream and/or custard.

[2] I’m told that this reflects the fact that the average height was significantly lower 500 years ago, and you do find lintels low enough for me to bang into surprisingly often in old buildings in the UK. I’m only 5’9″ barefoot.

Neronet

Note: This entry has been restored from old archives.

Coffee House: Caffé Nero, Rickmansworth
Address: 80 High Street, Rickmansworth, WD3 1AQ
Rating: Below even the depths of Gloria Jean’s (Sydney-Coffee Rating System)
Chain Website | Map (Hey, why’s the Ricky satellite imagery suddenly a decade old?! The building I live in is a sandpit!)

Update 2007-12-30: Very recently a sign appeared in the window of the local Nero outlet informing passers-by that Nero is switching over to BT OpenZone. I’m not a huge fan of BT OpenZone but they are my roaming wifi provider because everywhere I’ve been (US, Sydney, Perth, UK, throughout Europe) I can usually find a place that my OpenZone account works (almost every hotel I’ve stayed in uses a provider that partners with OpenZone). Of course, OpenZone aren’t the only provider to have extensive worldwide partnerships like this (T-Mobile do, and most APs in Europe I use are actually T-Mobile). Anyway, the important point is that OpenZone has a far more convenient pricing structure than “Surf and Sip”, importantly this includes a no-upfront-fee pay-per-minute account type. Even though minutes are expensive here in the UK (why? no idea, because they can be I guess) this makes “Neronet” far more useful for the casual low-frequency user. Now, they just need to elevate the average quality of their espresso above “chain store”, hah.

The only “‘net Café” in Rickmansworth is a Nero outlet. Even though the coffee is pretty terrible I’d be happy to sit here for an hour or two and tap away on the laptop, mainly because the chairs are comfy. There’s a big problem though: the cost. A day-ticket costs 10 quid, which is the cost of about 5 coffees and is the lowest price ‘net access ticket you can get. A month costs 40 quid (twice as much as I pay for my home 8Mbit ADSL and telephone combined), and a yearly access ticket is 200 quid. The access provision company is “Surf and Sip(TM)” and, on the prior-to-payment café web pages, I can’t find any listing of the outlets where I can get connected to them. I’d bet it’s probably only available in Nero outlets, and outside of Ricky I never go to Nero.

Coffee notes about Nero in Ricky: If you get the right person you can get a barely drinkable espresso, that’s one staff member in about ten. I only drink Americanos here, watering down bad espresso can make it not insult my mouth at least. I used to have coffee here most mornings (simply to get the caffeine fix) but now that I’m working from home I go to Cinnamon Square instead. On the Sydney-coffee-rating scale this place is below Gloria Jean’s. They do have some decent panini though, so on Sundays Kat and I tend to have coffee and a panini for breakfast here (there’s not really anywhere else to go).

I’d really rather have a Starbucks in town, the coffee is a little better and the ‘net access is a little cheaper (but still not very well priced).

I’m almost tempted to try the local Wetherspoon’s pub for ‘net access. The coffee will probably be undrinkable, but they give you 30 minutes of free ‘net access with each drink you buy (and a coffee only costs about a quid there). But I can’t really bring myself to step into a pub before midday, even one with coffee and a breakfast menu. Also, the Penn is a pretty bodgey chainpub that I wouldn’t normally wander into at any time of day.

It doesn’t help that it is Sunday and the only things open are Nero, the Penn, and an Italian place we don’t go to.

So, 1.5 years into living in Ricky and Sundays still suck and (legally sound) out-of-home ‘net access is still a myth. I thought it might have picked up a bit by now. Unfortunately this is a town of rich semi-to-fully geriatric professionals (many retirees I’d guess) and breeders… so there’s probably not a lot of market for a bit of modernisation.

If it fit into my visa provisions I’d seriously consider trying to pick up a little café on the high street that shut down a while back. This Nero place is absolutely packed, the coffee and food are both dull but there are no other options (hey, even I’m sitting here).

I wonder about WiMax. They say it’s long range, if I ran an AP from my balcony what sort of cover could I get in buildings. How much does line-of-sight matter? How much does WiMax gear cost?

Bad Weather

Note: This entry has been restored from old archives.

The last two days have been somewhat joyous in a less than traditional sense. Two whole days with all computers shut off! OK, so not that much different from our recent holiday without work/computers, but more relaxing.

The reason for the title is twofold, firstly the weather here really is rather shit. It’s England! What should I expect? Christmas day was chilly and wet, at least on boxing day there was a little sunlight. Dreaming of a white Christmas around London? Not much chance these days it would seem. This is my third in the UK, the first was white thanks only to a heavy frost, there was a little snow around the period but it wasn’t so cold that I didn’t spend the day on my bike in Wendover Woods. Last year it was cold at least. This year it isn’t even chilly, there isn’t one 0 or sub-zero day predicted in the entire last week of the month! Today has a predicted minimum of 9 — I can quite comfortably wear just a thin t-shirt under an unbuttoned jacket. Oh well.

The other bad storm is one of 2007′s old favourites, the Zhelatin/Storm/Nuwar “worm”. After somewhat of a lull in seeing emails from this network I suddenly got one on the 23rd, as I mentioned on Monday.

This turned out to be the first of many as the network pumped out a full-scale assault capitalising on the jovial season, both Christmas and New Year. Taking advantage in two ways I think: 1) people probably are sending a lot of stupid email right now so it may be more likely that people follow the evil links, 2) A lot of people, including those in the security industry and the IT-shops responsible for maintaining corporate security, are on holiday so the “good guys” may have a slower response time.

The latter point is worth some thought. I’m sure it has been discussed before: computers don’t have holidays, crims take advantage of holidays, most normal people let their guard down on holidays. Good news for botnet herders. As I mentioned earlier in the week the malware payload wasn’t detected by any of the large-market-share AV engines, the biggest player to detect some of the samples I tried was Kaspersky (finding accurate market-share figures is difficult, suggestions on the net for KAV are between 5 and 1 percent). As has now been clearly established, I’d think, the malware writers test against the biggest AV engines. We can get a good picture of which engines they’re testing with by rounding up as many of these jolly-Storms as possible and scanning them to see which engines, when loaded with a pre-mailout database, detect close to 0% of the samples. The list you’ll find isn’t all that surprising.

It’d be really nice to have a good statistic on the size of the botnet on December 20th versus the size on January 7th. But all botnet size estimates are generally a product of bad guesstimation, we can’t expect anyone to know the numbers except the ones in control.

I’m becoming more pessimistic about the situation as time goes on. The concept of a “virus filter” product seems to have been proven fatally flawed. Whether detection takes place via signatures or “heuristics” (in my opinion this is little more than complicated signatures) the approach is reactive. Either to specific malware or to specific exploits, the latter gets a lot of press as “generic” detection usually classified as “heuristic” but in the end is just reactive detection taken from a different angle. AV engines do have their place, but they’re not a solution — certainly not anymore. A small thought, and privacy advocates would hate this thought, is that maybe the AV vendors need to make their software 100%-report-to-base. Try to take some of the testing ability away from the criminals? Could this even be workable, what information could you report to base that’d help? How long would it be before the bad guys subverted the process or simply circumvented it… probably not long. sigh

I guess this is why the security industry is diversifying into more elements of command and control, maybe there is some light at the end of the tunnel? Of course is it likely that anything of this sort is best done at-or-below the OS level, thus by the OS vendor, but when Microsoft tried to do this for Vista there was an all-out cry of foul from the AV industry! Protecting themselves, or protecting users from the likelihood that Microsoft would get it wrong? A bit of both I expect.

In this direction lot of noise was made about one thing in the last year that to me smells like a load of of bollocks: virtualisation. It’s a very neat geek-toy that has spawned both it’s own industry around maintaining systems and has been co-opted by the security industry in a way that stinks of “silver-bullet”. The former works for me, but I think we want to keep in mind that virutalisation used this way is just an evolutionary step. Virtualisation for robustness/etc is a neat replacement for things like telnettable power supplies and Dell DRAC (remote administration) hardware. Security tends to be fitted in from a perspective of keeping an eye on things from the outside. We like this image because it works fairly well with physical-world security systems. My guess is that it isn’t going to work out quite as neatly or easily as hoped when it comes to anti-malware. I think the best anti-virutalisation FUD I’ve seen came from Theo, of OpenBSD fame.

[Update: In case it isn’t as blindly obvious as I thought, I agree with Theo de Raadt’s FUD (though I don’t understand why anybody thinks my agreement or labelling matters). sigh “FUD” is a just TLA, please attach less emotion to it Internet randoms. I’m wasting my time since the complaint I received was clearly derived purely from the sight of the TLA and the context ignored. Anyway, FUD = “Fear, Uncertainty, and Doubt” and in my mind is a mere function of marketing. Negative marketing based on perceived flaws in the security sphere is a case of FUD (since this is what it causes), sometimes for good (being informative), sometimes for bad (being misleading). Pro-virtualisation-for security people will label de Raadt’s opinion as FUD in the traditional sense, but I bag up what they see as smelly manure and feed it to my roses. I apologise for going against the grain of the TLA and upsetting a poor sensitive soul or two. To repeat: I, in my non-expert opinion, am more convinced by Theo’s FUD than the FUD from the other side of the argument. If it makes you feel better execute a mental s/FUD/marketing/g or just go away.]

Still, we have to grasp at what straws present themselves. (Remembering to let go of the ones that have burnt all the way down to our fingers.) I try to remind myself that entirely giving up hope is not the correct response. Especially while people are profiting from criminal acts that take advantage of the industry’s current failure to adequately deal with the problem.

At this moment, given a corporate network to run and short of “running with scissors”, I’d be focusing attention on environment control. Mostly meaning various approaches to controlled execution. I don’t think it’s an easy path, but does anyone expect a solution to really be “easy”? Hah! There’s a strong chance it’d just turn into another reactive scene, say we allow IE to run, fine, then malware runs it’s own code as part of IE. (Through one of virtually limitless vectors, from buffer buffer overflows inserting actual machine code to simple exploitation of design flaws in JS/VBS/Flash/plugin-X/technology-Y.) What about the much-maligned (at least it is in OSS/FSF circles) TPM approach? (Maybe just simplified virtualisation that’ll just come with a heap of it’s own new flaws.)

Network segregation should offer some relief and damage control. Do users really always need to access email/web from the same machine they access the IRS/HMRC/etc database from? At least if there is an infection (inevitable?) it can only go so far. This is heading into DLP territory though, which is a different problem and mostly the bugs that need to be fixed are in process and people.

Have we given up on user education yet? It’s bloody difficult, but I hope not. We can’t really expect people to always do the right thing, just as we can’t always expect programmers who know they should use validate all user data to always remember to do so (humans tend to be lazy by preference!). That said, the situation is certainly worse if they don’t even know what the right/wrong things are!

It’s easy to become despondent. I’m certainly not all that happy with the industry that I, in a small way, am part of. Taken as a whole the last year or two has been pretty abysmal. Surely things can only improve from this point?

Storm Worm Vigenère

Note: This entry has been restored from old archives.

A small hobby of mine to pick apart JavaScript/ECMA obfuscation such as that used by the Zhelatin/Storm/Nuwar “worm”. My usual approach, which is certainly inefficient, is to grok the actual code by translating it to Perl. I’ve written about this before in “Someone Doesn’t Like Kaspersky“.

I don’t usually have time, after wasting much in the process of grokking, to write about these critters and I don’t expect that to change much! Time is so hard to come by! But after looking at some of the code with recent Storm mailings I think it’s worth noting the evolution.

The previous obfuscation I’ve written about is simple application of “xor encryption”, and much of what I’ve seen has been a variation on this at a similar level of simplicity.

The basic xor case worked along the lines of the following pattern.

    function decode(A,B) {
        ...
        eval(C);
    }
    decode(ciphertext,key);

In this case the key (and thus ciphertext) value was randomly generated for different visits to the page. In the decode function B is applied byte-by-byte to A to gain the plaintext C. Usually this processing was xor (^) and was further complicated with a URI decode or something of that ilk.

The sample I have looked at most recently has the following form.

    function X(Y) {
        ...
        eval(Z);
    }
    X(payload);

The key differences are that the function name (X) is now a variable and the obvious key input is gone, which hints at something. What’s changed inside the code? Well, working from the final decrypt up to the start of the function, this is what happens (somewhat simplified, but this is the core pattern):

  1. An array of 8 bytes is used as a key to shift the values in the input array in the manner of a classic Vigenère cipher applied mod-256).
  2. The key array is obtained be encoding a 32 bit value (i.e. 2309737967) to hex (0x89ABCDEF) and using the ASCII value of each hex digit to populate the key array ([56, 57, 65, 66, 67, 68, 69, 70).
  3. The 32 bit value is obtained by condensing an array of 256 integers (array256) and the text of the decode function (funcText) into an integer! The method iterates over characters in funcText using the byte values as lookup indexes in array256. Complete detail: key=0xFFFFFFFF; then for i in 0 to length(funcText) do:
    key=(array256[(key^funcText[i]) & 0xFF] ^ ((key >> 8) & 0xFFFFFF))
  4. The text of the decode function is obtained with arguments.callee.toString(), which has non-word chars stripped out and is converted to all-caps. Thus the importance of the function name X as an input parameter to the obfuscation, it doesn’t stop there as the text for the rest of the function body is also part of this key material and is full of randomised variable names. As you may have guessed, is is the random function and variable names that change from one downloading of the script to another — rather than just the xor key.
  5. The array of 256 integers is generated from a simple algorithm with a seed value, no need to detail it I think. It’s worth observing that between the different downloads of the script I saw the effective seed value didn’t change so this array remained constant.

Certainly much more complicated than the old xor code! But, I’d hope, a waste of time — since AV suspicious-script detection should work off generic patterns visible in the script from inspection rather than relying on the variable details. Still, only 3 AV engines on virustotal.com thought this script was worth noting as “generic obfuscated HTML”, but I don’t know what script/browser components they have enabled so I wouldn’t trust these out-of-context results. Many AV products exhibit different, usually more paranoid, behaviour when scanning in-browser data and HTTP at the gateway. And, looking at the whole Storm picture, this little snippet of code is just part of the delivery mechanism, it’s more important that the actual browser exploits and malware executables are caught!

Anyway, back to the script, this thing unwraps like a matryoshka doll. The plaintext is the same algorithm over again with new randomly generated function/variable names and a new ciphertext. The new ciphertext is much shorter though and after decoding we’re finished with this sample. The end result is javascript that generates a script DOM element and appends this to the document.

    var script = document.createElement("script");

    script.setAttribute("language", "JavaScript");
    script.setAttribute("src", "<nasty_local_url>");

    document.body.appendChild(script);

The most interesting item is the sample is this use of arguments.callee.toString() as key material. No doubt a direct defence against the usual malware-researcher practice of changing the final eval into an alert to expose the plaintext. While an admirable attempt at making life harder for researchers it’s not difficult to circumvent, just create a new variable assigned to the text “function X(Y) { ... }” and use this in place of the arguments.callee.toString() and good old alert should do it’s usual trick (then unwrap the next shell of the matryoshka). (Yes, “function” all that are included, though braces/punctuation don’t matter in the samples I have since an s/W//g is applied to the text)

The other “new technology” here is intriguing but not remarkable, using Vigenère instead of xor seems a curiosity more than a real advance (they’re certainly not doing it to hide the tell-tale use of the xor operator in a loop since they use xor in the key generation loops). Honestly, is looks just like some geek having fun, like me… but in this case we have a bad geek. Tut tut.

I’ve put a de-obfuscated and commented version of the script code up as well as a page containing active JavaScript that demonstrates the code. (Don’t worry, the active page’s payload is just an “alert” call!)

Christmas Storm

Note: This entry has been restored from old archives.

It’s been a while since I’ve had a Zhelatin/Storm/Nuwar mail get through to my inbox. Just in time for Christmas I get a shiny new one! It wishes me “Merry Christmas Dude” and provides a suitable URL for the season, no suspicious IP address link for this special occasion.

This one is a little different to previous efforts I’ve looked at. The embedded javascript isn’t malicious at all, in fact it is JSnow v0.2 complete with copyright notice. Snow! Joy! Is our favourite bot-net wishing us all a good Christmas out of good old fashioned social benevolence? Ha, fat chance! The page displays for us a set of scantily clad Mrs Clauses, enticing us to click on them for more. The link is to stripshow.exe, just less than 50% of the scanners on virustotal.com detect this at the moment. The list of ones that miss is conspicuously a round-up of the set with the largest market-share (interspersed with the ones that simply suck), this shouldn’t be any surprise these days.

It doesn’t stop there though, in a further effort the page embeds a javascript
in a I-Frame. And behold! We see the expected obfuscation code. So, in the end this isn’t really much different to previous sightings. I guess this strategy is still paying off for the crims behind it. It’s a sad indictment against the state of Internet security and security awareness that even after so many months this seemingly still works.

This time the javascript obfuscation is far more complex than others I’ve seen. Rather than a couple of simple translations we have several loops employing shifts and a variety of other bitwise operators (didn’t even know ECMA had an LSR operator). I guess they’ve invested some of their research time into this aspect of their code. At the moment only three of the virustotal.com scanners have anything to say about this and that’s just something along the lines of “generic obfuscated HTML”.

I wish people an infection-free Christmas. Have a good one.

Malignity?

Note: This entry has been restored from old archives.

Why malignity? More than 5 years ago I registered malignity.net and now, honestly, I don’t remember why I chose “malignity”. Maybe I was going through one of my phases of angst-ridden annoyance at society. Or it could have just been contrived evilness designed to somehow upset the apple-cart of the Establishment (not that it could care less). In reality I rarely feel truely malignant, and in history it isn’t a common theme in my life. Sure, society still annoys me, I still turn my nose at anything with a whiff of Establishment about it, but my reactions are more reflective, more latently sociopathic. Malignity? If I was malignant in my reaction to the world about me we’d be talking Fight Club, not mere grumpiness.

In short: I’m redirecting to the more logical URL of http://yvan.seth.id.au/. Honestly, that makes far more sense. I’m not going to consider finding a new word to inaccurately describe myself and my babble, my name is correct and sufficient and unlikely to change (neither is the fact that I’m Australian). Anyway, a quest for a new “word” would require the dictionary-of-eye-wateringly-long-words, or looking at new and obscure top-level-domains.

I haven’t decided whether or not I’ll renew the domain in the future, however malignity.net doesn’t expire until mid-2012 so there is some time to mull over that one! I have no intention of trying to change over the huge number of emails tied to the domain anyway, so I expect it is a keeper — just in a reduced capacity. For now all all old URLs will just return 301 to yvan.seth.id.au, but I expect I’ll turn that off in a month or two. (In other words: if you care, update your bookmarks or readers.)


Now for the waffle. Best served with bannana, maple syrup, and double cream.

Even for people like myself, who really don’t have much time for the whole “Christmas thing”, this time of year is marked with indelible ink. When it comes to traditional Christmas and New Year I can take it or leave it. To me, one is a solstice festival commandeered by popular religion. Christianity owned it for centuries, and Commerce seems to be the major stakeholder now. The other is a mere side-effect of the ridiculous concepts of “clock” and “calendar”, I try not to think about time too much as it upsets me[1]. That’s how I feel, but it does not represent how I think anyone else should feel! It’s been a long while since I last thought the world should conform to my point of view. What a mess that would be!

Now I write, delete, write, and then finally suppress a sequence of words that tries to adequately describe my position on Christmas. It’s too difficult for me to explain in a succinct manner. I’m not against it, not for it. It is just a concept after all. What gets my hackles up is other people, and that is a truly endless source of material which can all be boiled down to “they are not me”.

Me? I can’t escape the season, it’d be like trying to run away from my own shadow. My family did the Christmas thing and even took a day or two off, and as a restaurant family time-off in the high-season is a big thing. So from before I remember it was part of my life. Religion wasn’t though, the only dose of religion in my childhood was a devout Christian (Methodist maybe, I’m not sure) baby-sitter who didn’t really push the subject but read us a lot of old testament stories for bedtime. That and my father’s occasional claims of being Catholic, which I always thought a bit absurd. He had it whipped into him by nuns or something though, corporal punishment does tend to drive the message home[2].

Anyway, despite the usual Grinch-like posturng, there’s a Christmas shaped hole in my year and what better to fill it with than Christmas? But what shape is this hole? It isn’t relaxation shaped, it isn’t shaped like a glass of beer, nor a church. Maybe it should be family shaped, it probably was once but eight years of being nowhere near family at this time of year has morphed it into something else. The shape is one of reflection and speculation. I have to laugh at myself on thinking this: no religion yet I immerse myself in quiet contemplation of the metaphysical.

I don’t travel at this time of year, it’s the worst time to try. I don’t even go out much, for much the same reason. I stay at home and try to get some of the wrinkles ironed out of my thoughts. Small things I’d normally be forced to dismiss get more time. Small things such as “malignity”, I’ve been uncomfortable with it for quite some time now. I thought about it for a good couple of hours just now and decided there’s no reason not to switch to my namesake domain. So it is done.

I’ll have more time to myself than usual this year. Traditionally I work on the on-days over the period, but the calendar is inconvenient this time so I’ll probably have the entire block of 11 days as a break. Kathlene on the other hand has to work on the on-days, bummer. So, what’s going to happen? More reflection and speculation or will hoped-for personal-productivity actually occur? This time right now is certainly the former.

I have a very long list of things to dwell upon, haven’t we all?


[1] For a sociological headache read up on the history “standard time”. Especially daylight savings and the insane emotion and politics around the subject. Physics is another issue entirely.

[2] Proof: In year-1 I was smacked by the principal for biting a classmate on the back (he pushed into the line!) and I’ve not bitten anyone since (well, not against their will).

Foggy Day

Note: This entry has been restored from old archives.

Into the fog

Into the fog

Today it was cold and foggy. What did we do? We popped out to the supermarket
to get some goodies: cheese, salami, and crusty bread. We stuck some hot water and a couple of bags of Earl Grey into a thermos. We hopped up to the next station on the tube. We wandered to the centre of Chorleywood Common. We had a picnic! It’s nice to see the world a bit differently.

Interested people might like this little collection of
photos from our foggy wander.

I’ve got a lot of things to get “written down” but, as is my continual predicament, it costs me a great effort to get things from my head to “paper”. I’m not going to finish the day-by-day summaries from Finland, instead I’ve been trying to codify a more complete “write up” of the trip into a sequence of words. It grows like a monster! I try to cut down the length and behold, it grows! I seriously lack the art of brevity. Additionally I’m intending to write reviews for three restaurants in Äkäslompolo. I have at least three recipes I need to finish, though they’ll doubtless end up in the folder with 10 or so others that gathered too much dust. I have a couple of entries I need to complete on local produce, local to the Rickmansworth area specifically. The list goes on!

Beauty

Beauty

A pile of randomly conceived chains of thought gathering dust. And always the qustion: why bother? Much effort, many ungainly sequences of words, a very small and anonymous audience. Believe me, it isn’t through a belief that I’m improving the content of the ‘net in any way. I really don’t care much for such high minded claptrap. The truth is that it is entirely self-centred, what human act isn’t? I derive an unlikely level of enjoyment from the effort, though I ridiculously feel much angst over the dust gatherers.

This “time of year” may help me a little on this front. What a mess the calendar has made! Both Christmas and New Year public holidays mid-week! So I’ll probably take the unusual, for me, route of just logging it all as “leave”. Although, as ever, work is a self-perpetuating to-do list with variable urgency.

There’s also two (semi)personal “tech” projects I want to get some time in on. It’s going to have to be one or the other, which will win, which lose?

There’s non-tech projects galore… this is the conundrum commonly referred to as “life”.

Decisions!

I’m leafing through “The River Cottage Year“. Inspiring! Depressing! Where is my garden? Where, for that matter, is my cow?

Ylläs Ski Trip – Day 2 & 3

Note: This entry has been restored from old archives.

[[ Full write-up of our holiday now available: Ylläs Ski Holiday 2007. ]]

Day 2

More skiing, we’ve been handed over to a new chief instructor — it seems Ola’s job is to scare the first-timers. We start out on the same slope as the previous day. After tackling a longer and curvier one the day before it seemed rather casual! Maybe sticking to the slopes for the extra hours paid off. It’s also a beautifully clear and windless day, making things easier still. No falling off! The slopes are actually kind of icy today, it’s been a few days with no fresh snow and the snow machine snow, I gather, just isn’t quite the same. The instructors hope for fresh snow overnight (though to us the skies still look completely clear at 17:00).

We cover some new tricks. One is lifting the uphill ski, since it is more stable to keep your weight on the downhill one. The second is skiing (very carefully) backwards. The main lesson I need to learn is: lean forward! No! Forward!! shplaff See, if you lean back you fall!

The last thing we do for the lesson is move to a new slope, one right in front of the ski-hut. This is much steeper and is an easy grade rather than the very easy we’ve been dealing with so far. I’m out of control and sliding all over the place, the main problem being that my turns end up being spins and then I’m going backwards down the slope. Despite this I don’t actually fall over at any point during this morning’s lesson.

That changes after the lesson though, I take on the steep slope several more times and fall over like it’s going out of fashion! My favourite move being turning too tightly, going backwards, then falling forwards.

Since we’re back at the hotel so early we decide to head out for a walk, though it is rather cold (-7) and twilight is getting well into night. We walk first about 2km to the Poro (Reindeer) restaurant to make a reservation for Wednesday, we’re told that it is quiet and there’s no need to bother. It was a good walk anyway and we pop into a couple of local-craft/gift shops along the way. We hold back from picking up goodies to send home since we’re not familiar enough with Australian quarantine regulations to pick stuff that can be sent there, all we know is that most things not made of plastic need to be irradiated or fumigated. Next leg of the walk is to the ATM/Supermarket where we discover that there are actually more than two Finnish beers (which is what you’d believe if you thought what the Hotel stocked was any indicator!).

Day 3

Ski ski ski! A good day for skiing, but still no fresh snow. I’m doing much better now, though still far less controlled than Kat. The most important thing in today’s lesson was the part where they took away our ski poles. We were to ski down the slope and on turning reach forward to touch the side of the boot on the outside of the turn. This really highlighted correct weight distribution for turning, turning is much easier now!

We left early today so Kat’s sore shins could have a rest. Though we took a few extra runs after the lesson to take some photos, it was another very clear day — and we’re hoping they’ll get less clear, which isn’t so good for photos.

Our plan was to head to Poro for dinner at 16:00, and that we did. Rudolf tasted gooooood. The walk to the restaurant and back was pretty chilly though, the hotel thermometer said it was -21 Celsius outside! Then we just generally relaxed a bit before having second dinner at 19:00 (grabbing some small bits and pieces from the included buffet so we wouldn’t have to go 14 hours without eating). Then we did some postcards before going for a walk down onto the lake, just a little, although earlier we’d seen a reindeer out in the middle of it and there was clearly a cross-country ski track going right out onto it too. We were hoping to see some Northern Lights, but it was a no-show despite the clear starry sky (damn, probably no new snow gain). Apparently we missed a Northern Light display the previous night.

Ylläs Ski Trip – Day 1

Note: This entry has been restored from old archives.

[[ Full write-up of our holiday now available: Ylläs Ski Holiday 2007. ]]

[A few minutes of /net access today, but it is unusably slow! Tried accessing email, couldn't.]

The previous day is all rather dull really, on Saturday we caught the train from Watford to Gatwick (A direct train! I’d never have thought there was such a thing if it wasn’t for the fact that the Metro Line was being “maintained” yet-again). We overnighted in the Gatwick “Best Western” hotel, I wouldn’t generally recommend the place but just fine if you’re only after somewhere to sleep for about 70 quid (plus 10 quid worth of “courtesy” coach fares by the end of it too). Our plane left at midday on Sunday, we probably wouldn’t have had a problem getting to it from Ricky on the same day but who needs the hassle of early morning rushes when a cheap hotel can keep everything at a leisurely pace? (Alternatively there’s always the crazy-backpacker “sleep in the Airport” trick, stuff that.)

We flew from Gatwick to Kitalia (3 hours), then took a bus from Kitalia to Akaslompolo (1 hour). In short order we were sorted out with a room, meal vouchers (didn’t expect dinner to be included, even mass-feed buffet), and lift passes. This is all arranged by a company called Inghams, since we’re doing this trip with the transport, hotel, and skiing as a package — seems the simplest way, arranging holidays is so time-consuming (I’ve put together some pretty complicated ones). There’s a lot of “families” here, which means piles of middle aged poms with the precious disgusting little offspring. I haven’t felt much of an urge to eradicate any yet, thankfully they’re mostly here to see reindeer (I’m here to eat them), huskies (can you eat them?), and, of course, some fat paedophile in a red suit (spit roast?). We chose to avoid all these “outings” and other “safaris” (which all cost quite a bit, though not much compared to skiing) to focus on learning to ski, the actual purpose of this trip for us.

There seem to be very few “young people” in the group, as far as I saw there’s just one other couple about our age and a couple of girls around 20. I guess most not-yet-breds have a preference for the trendier ski haunts, the “apres ski” here is renowned for being quiet (plus it is really early in the season).
So, Monday, which I think of as “Day 1″. Up at 07:30, buffet breakfast at Akashotelli — bread (good bread here), hard-boiled eggs (eggs are eggs), and salami (cold meats are the norm when it comes to breakfast in European hotels) with a cup of filter-coffee for me. Bus to slopes, there at 20 to 10, quickly fitted for boots and skis. Have a filter-coffee. Lesson starts at 10, it’s only just daylight. We’re in a group of about 10, all “first timers” (but I have a suspicion at least a couple of people were just along for a refresher and the cheap combined lift-pass and ski-hire deal you get out of taking the “absolute beginner” lessons). We had four instructors, the lead instructor, called Ola, is 6-foot-something and probably 300 pounds.

Ski! I’m a slow learner, inhibited by my own extreme lack of co-ordination. First we learn to “snow plough”, meaning to slide down-slope pigeon-toed so that the ski tips are close together in front of you (don’t cross the skis!) and far apart behind you. The further apart behind you they are the slower you go, unless you’re me and it doesn’t seem to make any difference. I soon learn to shoot off the right side of the slope rather than the left, since there’s a road on the left and, after launching over a heap of snow, landing on rough ice is unpleasant. The instructor tells me that if I go on the road I’ll get ploughed. A valuable lesson, since shooting off the slope seems to be my favourite trick… it’s nice and soft on the right. I want to blame momentum, but the lead instructor (skiing backward half the time) puts the lie to that cop-out.

Next we learn about steering, though I suspect that the true purpose of the lesson is to make people realise that the ski poles are not for downhill use and you don’t need them. You hold your poles out in front of you with straight arms and “steer like a handlebar”. The idea here is that you turn your upper body and “the skis follow”, this doesn’t work so well for me. I’m told I turn too much of my body (from the knees) or not enough (just pointing my arms in the desired direction, futile, I crash into the soft snow to the left of the slope again.)

We’ve been up and down the slope a couple of times now. The ski-lift, which I think is known as a drag-lift, is something I manage without much trouble. Except for the first time, I let go too early on the final steep ascent then wonder why the end of the lift is suddenly getting further away. Ho ho! I dub this lift the “wang lift”, Kat prefers to just cackle and pretend she’s on a broomstick.

Our final trick for the day is “turn by putting weight on the leg opposite to the direction you want to go”, i.e. to ski left you press down on your right ski. This is, we’re told, “just like roller-blading”. A reassuring thought for me since I own a pair of roller-blades and Kat takes me out on them occasionally for a painful session of falling on my butt (and hands, knees, side, back, …). I have a little more success with this, though still manage to shoot off the slope half way down.

That’s our 1.5 hours for the day. We head back to the ski hut and they take our names. I’m asked if I’m on for the 3 day or the 5 day course. “The 5 day one, I think I need it!” Laughs, then in a serious tone, accent resonant to some Russian villain from a Bond film: “Yes, I agree.” I’m left feeling unsure as to whether he thinks it is good that I’ll be there for the full 5 days or he’s wishing he’d be rid of me sooner.

All in all I was probably the least able of the lot. Others fell over, shot off the slope, or came off the drag-lift. But none fell as hard as I, or shot off as fast, or as many times. My main problem, I think, is that I’m always concious of people in front of me, always worried there’s someone behind me, and just freak out if someone is next to me. My thought is “oh shit, I’m going to hit them, then they’ll break!”, next thing I shoot off the slope.

After a coffee and some water we head out to the slops again, sans instructors. I’m determined to, at least, be as bad as the next worst person in the group by tomorrow. Kat and I spend a couple more hours out there and I think I made a lot of progress, that final “weight on the opposite ski” trick was a major leap forward for me, I “got it” much better and by then I was also “snow ploughing” to a stop with more control (i.e. actually stopping). I still shot off the side from time to time though. It was starting to look kind of dark by now, yes, twilight setting in at 13:30. We popped back to the ski-hut and had something greasy for lunch (not really gourmet here), had some more coffee, some water, then headed back to the “very easy” slopes.

It was getting on to the properly dark side by now but everything is well lit by huge food-lights so this wasn’t much of a problem (the lifts close just before 17:00 at the moment). We tried out the next “very easy” slope over this time, “slope 3″. It was longer, narrower, and curved. But I managed to ski down it about 5 times and only fell over once (not counting the time I fell over at the top because my poles had got tied together going up the lift and provided a moments distraction after I set myself sliding down the initial steep slope, a moment is all it takes.

On the way back we went down the easiest slope one more time and I effected my fastest right-side-exit yet — knocking my mask off and face-planting right into the snow. Bloody cold. We headed back to the ski-hut to see the 16:00 bus leaving… so had to hang around and have a beer while waiting for the 17:00. Back to the Hotel, left my beanie on the bus (so much for Kat and I having matching beanies, gimp), change, eat, stuff — all feeling a bit of a zombie. Somehow it’s nearly 21:30, huh? Yawn