Meilof's homepage
http://home.wanadoo.nl/meilof/

Animenu.pl, y4merge, NTSC and so on
http://home.wanadoo.nl/meilof//2005/11/29#email
I received an e-mail today from a guy called Robert, who gave me just the kind of quote you'd want to put on your website: <blockquote>I wanted to thank you for animenu.pl of course the backends that make it possible - quite a neat tool. I had despaired of creating animated dvd menus using only linux and opensource tools before I found it.</blockquote>
Anyway, he also mentioned the following: <blockquote>As a side note, I had to add -k to the transcode line or the colours were all messed up - possibly to do with using ntsc content vs pal or perhaps something to do with the way I captured the yuv stream originally from VHS. I also added some ntsc parameters to some of the commands.</blockquote>
So, if you experience problems with NTSC movies, you may want to try that -- and of course, mail your experiences :)

Currently listening to... Vive La Fête
http://home.wanadoo.nl/meilof//2005/10/05#vivelafete
In the universally challenged "Currently listening to..."-series, today we feature the Lowlands 2005 performance by Vive La Fête, which can be listened to on <a href='http://3voor12.vpro.nl/3voor12/groups/index.jsp?groups=2626609'>3voor12</a>. Not that I really have much to say about it: it's just very decent electronic music which is fun to listen to.
<p>The reason I'm mentioning it here is that, in order to get it on my MP3 player in a decent fashion, I split up the complete concert, and spent some time finding out what all the songs were called. Which wasn't that easy, either, given that the lyrics are in French, and the lyrics of many songs were nowhere to be found. Anyway, I collected the following setlist for Vive la Fête at Lowlands 2005:
<blockquote>1. Intro<br>
2. Nuit Blanche<br>
3. Mon Dieu<br>
4. Hot Shot<br>
5. Schwarzkopf<br>
6. Machine Sublime<br>
7. Petite Putain<br>
8. La Vérité<br>
9. 
Liberté<br>
10. Assez<br>
11. Maquillage<br>
12. Jaloux<br>
13. Noir Désir<br>
14. Outro<br>
15. 2005<br>
16. Banana Split<br>
17. Real Wild Child</blockquote>
<p>If you want some small recommendations, I'd say Liberté and Noir Désir are pretty nice. The latter song is also featured as a video on 3voor12, but only the first 5 minutes of it; the song actually continues for 4 minutes of mainly screaming, which is quite cool.

Currently Listening To... Moustache (half a scissor)
http://home.wanadoo.nl/meilof//2005/09/27#oizomoustache
<img src='./images/oizo.jpg' width='144' height='148' alt='[Mr Oizo - Moustache (half a scissor)]' align='right'> In the mostly defunct "Currently Listening To" series, today we feature <a href='http://www.amazon.com/exec/obidos/tg/detail/-/B000AA4LNM/qid=1127852051/sr=8-1/ref=sr_8_xs_ap_i1_xgl15/002-9640217-7521636?v=glance&s=music&n=507846'>Moustache (half a scissor)</a>, the new album by Mr. Oizo.
<p>Most (some?) people will still remember Mr. Oizo from the famous 1999 Levi's commercials in which the song "Flat beat" and the yellow puppet figure "Mr. Oizo" were featured. What most people don't know, however, is that in the same year, Mr. Oizo (a pseudonym for Quentin Dupieux, the producer behind the commercial) also released an album called <a href='http://www.amazon.com/exec/obidos/tg/detail/-/B00004KD3D/qid=1127570939/sr=8-1/ref=pd_bbs_1/104-7079794-1877534?v=glance&s=music&n=507846'>Analog Worms Attack</a>. In fact I didn't know either, until some years ago I bought it for a euro or so in some obscure shop in the Czech Republic. It's sort of very minimalistic electronic techno-ish music, but in a very strange kind of way.
<p>Anyway, now after 6 years, Quentin Dupieux managed to pull another 30 minutes of strange techno together. The album doesn't seem to be out yet, but it is featured on the <a href='http://3voor12.vpro.nl/'>3voor12 luisterpaal</a> this week, so anyone can listen to it, which is quite nice. 
I haven't finished listening to it (currently at track 14, called "1$44"), but the first impression is that the second album is even stranger than the first. While the first had tracks that were clearly recognizable as songs, even with some repeating parts in it, any such structure seems to be missing from this new disc. Also, it has the effect of making me feel slightly sick when listening intently to it. I do seem to like it though, so I would advise anyone to take a listen to it.

The Outlaw 666 & Swap-sorting
http://home.wanadoo.nl/meilof//2005/09/19#outlaw666sorting
From 3 to 7 October, the Dutch alternative radio station KinkFM [www.kinkfm.com], to celebrate their 10-year anniversary, will broadcast a chart show called the "Outlaw 666", with the 666 best alternative songs of the last 10 years. On the <a href='http://www.kinkfm.com/outlaw666.php'>website</a>, you can pick your favorite 14 songs from a rather long list. It promises to become quite a neat list. Ateaseweb, a Radiohead fan website, already <a href='http://www.ateaseweb.com/news/archive/2005/09/vote_for_radioh_15.php'>noted</a> the remarkable fact that there are exactly 14 Radiohead songs to choose from: <blockquote>On KinkFM.com you can find a shortlist of tracks you can choose from and vote for your 14 favourite tracks... easy questions... easy answers... there are 14 (!) Radiohead tracks shortlisted.</blockquote>
<p>Even though I'm a pretty big Radiohead fan, the Top-14 I submitted is a bit different from this recommendation:
<blockquote>0. Radiohead - Paranoid Android (1997)<br>
1. Muse - New Born (2001)<br>
2. Kaiser Chiefs - Oh My God (2005)<br>
3. Mars Volta - Inertiatic Esp (2003)<br>
4. Bloodhound Gang - Fire Water Burn (1997)<br>
5. Limp Bizkit - N 2 Gether Now (200)<br>
6. Gorillaz - Clint Eastwood (2001)<br>
7. Air - All I Need (1998)<br>
8. Manic Street Preachers - If You Tolerate This (1998)<br>
9. Fatboy Slim - Praise You (1999)<br>
10. Mando Diao - Down In The Past (2005)<br>
11. 
Datsuns - Motherfucker From Hell (2003)<br>
12. Therapy? - Church Of Noise (1998)<br>
13. Kings Of Leon - Four Kicks (2005)<br>
Own choice: Radiohead - Polyethylene Part 1 & 2</blockquote>
Filling in the list did pose a bit of a difficulty though. Since, while browsing the shortlist, one cannot already say at which position in the Top-14 a song should be (because you don't know how many better songs will follow), I ended up just adding songs at consecutive places in the list to sort it later, and when the list was full, just replacing the worst song in the list with a new one. Suppose in the end, one ends up with this list:
<blockquote>Air - All I Need (1998)<br>
Bloodhound Gang - Fire Water Burn (1997)<br>
Datsuns - Motherfucker From Hell (2003)<br>
Fatboy Slim - Praise You (1999)<br>
Gorillaz - Clint Eastwood (2001)<br>
Kaiser Chiefs - Oh My God (2005)<br>
Kings Of Leon - Four Kicks (2005)<br>
Limp Bizkit - N 2 Gether Now (200)<br>
Mando Diao - Down In The Past (2005)<br>
Manic Street Preachers - If You Tolerate This (1998)<br>
Mars Volta - Inertiatic Esp (2003)<br>
Muse - New Born (2001)<br>
Radiohead - Paranoid Android (1997)<br>
Therapy? - Church Of Noise (1998)</blockquote>
<p>How does one put the songs in the right order? Obviously, one would like to sort them, but how? The Kink FM form only allows swapping two consecutive songs, as can be seen in the image:
<p style='text-align: center;'><img src='./images/kinklist.jpg' width='512' height='197'>
<p>So, if one only has this possibility, how can one sort the songs as quickly as possible? If possible, we would like to minimize both the number of times one has to ask oneself the question "Which song is better, song A or song B?" (the number of comparisons), and the number of times one has to click a button on the screen to swap two songs (the number of swaps). 
<p>The method I eventually used was the following:
<ul>
<li>Look at the first song in the list
<li>Move all songs that are better than that song above it
<li>Repeat the process for the list of songs above the first song, and for the list of songs below the first song, until you are done
</ul>
For example, say All I Need by Air was the first song in the list. Then I would place the 7 songs I liked better above it, leaving the other 6 songs below it. Then I would sort the songs 0-6, which would probably have Fire Water Burn as the first song, in the same way, and songs 8-13, with Motherfucker From Hell by the Datsuns as first song. And so on, and so on. This is actually a variation of what is known as quicksort. But is this the best method in our situation?
<p>This is of course a specific case of the general theory of efficiency of sorting algorithms. This is quite an important topic in the Computer Science field, and much theory is available on it. Many sorting algorithms are discussed in <a href='http://en.wikipedia.org/wiki/Sorting_algorithm'>this Wikipedia article</a>. There, the efficiency of sorting algorithms is given in the so-called "Big-Oh" notation. If a sorting algorithm is said to be <code>O(n^2)</code> (O of n squared), this means that if the number of items in a list is doubled, the time needed to sort it will quadruple (i.e., it increases quadratically). Similarly, if a sorting algorithm is <code>O(n)</code> and the number of items in a list is doubled, the time needed to sort it will double too. There is a theorem which states that a general sorting algorithm can never be better than <code>O(n log n)</code>, which is somewhere between <code>O(n)</code> and <code>O(n^2)</code>. There are several algorithms that are <code>O(n log n)</code>, of which quicksort is usually the fastest.
<p>This is all quite nice, but unfortunately, it doesn't apply to our problem. 
In the theory on efficiency of sorting algorithms, it is assumed that swapping two arbitrary elements in a list always takes the same amount of time -- i.e., it is <code>O(1)</code>. But in our case, this is not true. Suppose we have a list <code>[1 2 3 4 5]</code>; we could use the following 7 swap operations to get the 1 and the 5 swapped: <blockquote>[1 2 3 4 5] -> [2 1 3 4 5] -> [2 3 1 4 5] -> [2 3 4 1 5] -> [2 3 4 5 1] -> [2 3 5 4 1] -> [2 5 3 4 1] -> [5 2 3 4 1]</blockquote>
Maybe we could do better, but we need at least 4 steps since the 1 needs to move 4 positions to the right. In contrast, swapping the 1 and 2 only takes one swap operation. In fact, swapping two arbitrary elements is <code>O(n)</code>, since if the list doubles, the number of steps we need doubles, too.
<p>So the question we actually want to answer is: given only two operations on a list, namely comparing two arbitrary elements and swapping two consecutive elements, which both take constant time (i.e., are <code>O(1)</code>), what is the fastest way to sort the list?
<p>Now, surprisingly, there doesn't seem to be an answer readily available to this question. This may be due to the fact that in practice, when one wants to sort a linked list, one first converts the linked list to an array, then sorts the array using a normal, efficient sorting algorithm, and then converts the array back to a linked list. This is the approach that, for example, the Java Runtime Environment uses. Quoting from <a href='http://java.sun.com/j2se/1.4.2/docs/api/java/util/Collections.html'>their documentation on the Collections class</a>: <blockquote>This implementation dumps the specified list into an array, sorts the array, and iterates over the list resetting each element from the corresponding position in the array. 
This avoids the n<sup>2</sup> log(n) performance that would result from attempting to sort a linked list in place.</blockquote>
<p>So here it is claimed that in fact, any algorithm directly operating on a linked list will be at least <code>O(n^2 log n)</code>. This result seems to stem from the fact that swapping two arbitrary elements in a linked list takes <code>O(n)</code> rather than <code>O(1)</code> as in the usual case, so any swapping-based algorithm which is normally <code>O(n log n)</code> would become <code>O(n^2 log n)</code>.
<p>This cannot, however, be directly related to our question, since a linked list has a set of operations different from our set, which only contains the swap operation: in a linked list, one can add and remove entries in <code>O(1)</code>, but access a random element in <code>O(n)</code>. In our case, we can access random elements in <code>O(1)</code>, but we cannot insert or remove elements at all. Do notice that swapping two consecutive elements in a linked list takes <code>O(1)</code>, provided we have located the element.
<p>Still, the <code>O(n^2 log n)</code> figure for linked lists mentioned in the Java documentation seems a bit strange if one considers Bubble Sort [http://en.wikipedia.org/wiki/Bubble_sort]: this algorithm iterates through all elements in the list, each step of which is <code>O(1)</code> in a linked list, and swaps two consecutive elements, which is <code>O(1)</code>, too. So, by the same analysis used to conclude that it is <code>O(n^2)</code> for normal lists, it should be <code>O(n^2)</code> for linked lists, too, which is better than <code>O(n^2 log n)</code>.
<p>And what's more, the same goes in our case with consecutive swapping and comparing as the only operations: in total, <code>O(n^2)</code> consecutive swaps and <code>O(n^2)</code> comparisons are done, making it an <code>O(n^2)</code> algorithm. Which is quite nice, since, by the above reasoning, modifying an algorithm like quicksort to work in our case would make it <code>O(n^2 log n)</code>.
<p>But still, we ask ourselves, can we do better than <code>O(n^2)</code>? The answer is no, and it can be seen quite easily. 
Suppose we have a list which is completely in the wrong order; then the swapping of elements alone will take <code>O(n^2)</code> steps. For example, sorting the list [5 4 3 2 1] to [1 2 3 4 5] could, in a naive implementation, be done like this:
<pre>
       4        3      2    1  = 10 steps
5 | 5 5 5 1 | 1 1 1 | 1 1 | 1
4 | 4 4 1 5 | 5 5 2 | 2 2 | 2
3 | 3 1 4 4 | 4 2 5 | 5 3 | 3
2 | 1 3 3 3 | 2 4 4 | 3 5 | 4
1 | 2 2 2 2 | 3 3 3 | 4 4 | 5</pre>
This takes 4+3+2+1=10 steps (which is the sum of all numbers &lt; n, which is n(n-1)/2=<code>O(n^2)</code>). And what's more, a smarter implementation can't do much better. Call the "distance" between a list and its sorted version the total number of steps the elements need to move to get to the right position. In the above example, the 5 would need to move 4 places down, the 4 needs to move 2 places down, the 2 needs to move 2 places up, and the 1 needs to move 4 places up, making the distance 4+4+2+2=12. One can easily see that in general, the distance is <code>O(n^2)</code>. Now any swap of two consecutive elements, if both elements move in the right direction, can only decrease this distance by 2. Hence, the number of swaps needed is at least <code>O(n^2)</code> (and as we saw, we can do it in <code>O(n^2)</code>).
<p>In conclusion, any sorting algorithm in our situation is at least <code>O(n^2)</code>, and the bubble sort is <code>O(n^2)</code>, hence it is, up to a constant factor, the best sorting algorithm available in our situation. An added advantage is that while the quicksort algorithm requires some book-keeping to remember what sublist we are actually sorting, this algorithm just works by repeatedly running over the list. Here's how it works:
<ul>
<li>For each song X, starting with the last one:
<ul>
<li>Start with the first song, and go down the list to song X, swapping songs that are wrongly ordered in relation to each other on the way
</ul>
</ul>
One final remark: all of the discussion above assumes that there actually <i>is</i> a decent total ordering of the songs in the list. 
However, when I tried to sort the same list according to my wishes using bubble sort, I got a different result from the one displayed above: <blockquote>Radiohead - Paranoid Android (1997) / Bloodhound Gang - Fire Water Burn (1997) / Muse - New Born (2001) / Mars Volta - Inertiatic Esp (2003) / Limp Bizkit - N 2 Gether Now (200) / Air - All I Need (1998) / Kaiser Chiefs - Oh My God (2005) / Mando Diao - Down In The Past (2005) / Fatboy Slim - Praise You (1999) / Gorillaz - Clint Eastwood (2001) / Manic Street Preachers - If You Tolerate This (1998) / Datsuns - Motherfucker From Hell (2003) / Therapy? - Church Of Noise (1998) / Kings Of Leon - Four Kicks (2005)</blockquote>
<p>Does this make this whole story useless? Why, no of course :) Oh, and I didn't feel like making all O's proportional, for which I apologize.
-- Meilof -- meilof@gmail.com

Meilof's Snackbar Review Guide: Snack news & Snackbuffet "Het Vliet"
http://home.wanadoo.nl/meilof//2005/09/12#hetvliet
<img src='./images/hamburger.png' width=167 height=120 align=right> No updates to the Guide in a while, but then nothing much has happened in the snack scene of Leeuwarden. One notable event is that from this year on, the open-air swimming pool in Giekerk now sells snacks. Being run by the same people that run "Het Kruispunt" (situated at, you guessed it, the main crossroad of Giekerk), one instantly recognizes the typical (quite good) taste (which is mainly due to their extensive use of paprika spice), the very decent mayonnaise and good curry. Unfortunately, at normal snack prices, one gets only a very small portion of chips. I haven't been to Het Kruispunt for a while, but I reckon one still gets the same good fries for a much better price there. (Now that I think of it, I have never actually discussed Het Kruispunt -- would be a good idea.) 
<p>Now that I think of it, there <i>has</i> been an update: the snack bar formerly called <a href='./2004/04/15/index.html#chef2'>Chef</a>, famous for its excellent hamburger sandwiches, has re-opened as a shoarma shop annex snack bar. I went there for a coffee (which was nice, though overpriced at € 1,80 for a cappuccino), but a friend of mine bought a menu, consisting of a shoarma burger and a drink, for € 3,00. I had a bit and it seemed to taste good. More to follow (possibly).
<p>But the most significant contribution to the Guide today is that I finally paid a visit to Snackbuffet Het Vliet, somewhere along Het Vliet in Leeuwarden. There are actually two snack bars on Het Vliet, one on the corner of the Oostergrachtswal, which is conveniently close to Wolweze, and one which, being a bit farther down the road, I hadn't tried yet. Which is what we'll be talking about today.
<p>Unfortunately, there was no need to be sorry for not visiting Het Vliet before. I ordered chips with speciaal sauce (which is mayonnaise, curry and onion pieces), but the result was disappointing. The chips were reasonably priced at € 1,51 (for some reason, this snack bar doesn't round off amounts until at the counter), but the portion was pretty small, and had the sauce on top of it, which doesn't add to the snacking experience either (at double the price, larger portions are available). But worst of all, rather than having the mayonnaise and curry apart, they were mixed together into the yellow-orange-ish blubber known in snack land as Joppie Sauce, the most distasteful invention in snacks since low-calorie food. This combination of a small portion of chips with Joppie Sauce all over it made me feel like a small boy who just bought his first chips. Needless to say, this is not good.
<p>The kroket sandwich ordered as well was reported to be "just a kroket sandwich". 
Adding to that the slightly cheesy atmosphere, it will be clear that Het Vliet is not a place to visit if one isn't hungry and in the neighborhood.
<p>Ratings:<br>
Price: 5/10<br>
Service: 6/10<br>
Taste: 5/10<br>
Ambiance: 5/10<br>
<b>Overall: 5/10</b>

HogerLager, version 1.1!
http://home.wanadoo.nl/meilof//2005/08/17#hogerlager-1.1
<img src='./images/hogerlager.png' width='58' height='58' alt='Hoger/Lager' align='right'> Just days after I released, along with <a href='./2005/08/15/index.html#j2me'>Lovecalc for J2ME</a>, the 1.0 version of the HogerLager game for <i>your</i> mobile phone, here's the updated 1.1 version! ChangeLog:
<ul>
<li>Fixed the irritating newlines that forced you to scroll on your screen (at least I had to on my SonyEricsson K300i)
<li>Adds support for high scores (stored persistently!), currently no way to reset them :S
</ul>
I won't keep you from downloading the hot stuff any longer: source code <a href='./filez/hogerlager/HogerLager-1.1.tar.gz'>here</a>; <a href='./filez/hogerlager/HogerLager.jar'>JAR</a> and <a href='./filez/hogerlager/HogerLager.jar'>JAD</a> to play now!
<p>Since it's currently in Dutch, I'll just explain a bit about the game and things should become understandable (I18N would be nice for version 1.2...). The object of the game is guessing whether the next card on an (imaginary) pile is higher or lower than the current card. The person who succeeds in guessing right for the longest sequence of cards wins! The normal card order applies, i.e., 2, 3, 4, 5, 6, 7, 8, 9, 10, jack (boer in Dutch), queen (vrouw), king (heer), ace (aas). Same height is right, too, and the pile is shuffled after each card. Enjoy, and tell me your highscore -- mine is 13 :)

LoveCalc for J2ME! 
http://home.wanadoo.nl/meilof//2005/08/15#j2me
<img src='./images/heart.png' width='106' height='102' alt='[Heart]' align='right'> Since my new SonyEricsson K300i telephone, which I got a few weeks ago, supports Java J2ME applications, I figured I'd play around with J2ME a little, and developing J2ME applications is surprisingly easy!
<p>At first, I tried the <a href='http://developer.sonyericsson.com/site/global/docstools/java/p_java.jsp'>J2ME SDK</a> shipped by SonyEricsson itself (<a href='http://developer.sonyericsson.com/getDocument.do?docId=65255'>download</a>), which worked nicely enough. Its main advantage over Sun's own <a href='http://java.sun.com/products/sjwtoolkit/download-2_2.html'>J2ME SDK</a>, on which SonyEricsson's software is based, is that it can show how your applications work on SonyEricsson phones, rather than just the default phone emulated by Sun's SDK. Even so, an application I developed with the SonyEricsson SDK worked just fine on my brother's Siemens phone.
<p>Anyway.
<p>The J2ME SDKs ship with a very minimalistic IDE called KToolbar, which can be used to compile and run applications, but if you want to develop J2ME applications within the excellent NetBeans IDE, there is the <a href='http://www.netbeans.org/kb/articles/mobility.html'>NetBeans mobility pack</a>, available both for Windows and Linux, that enables you to create, and even debug, J2ME applications from NetBeans. This works very well.
<p><a href='./images/lovecalc-j2me.png'><img src='./images/lovecalc-j2me-thumb.png' width='140' height='90' align='right' border='0'></a>Anyway, so I programmed a J2ME edition of the Love Calculator, see screenshot on the right. Nothing fancy yet, though the API already supports showing steps and setting step/length limits. The thing can be found <a href='./filez/lovecalc/j2me/LoveCalc.jar'>here</a> (JAD <a href='./filez/lovecalc/j2me/LoveCalc.jad'>here</a>). Source code: <a href='./filez/lovecalc/j2me/LoveCalc-j2me.tgz'>here</a>. 
And there's API documentation, too: <a href='./filez/lovecalc/j2me/doc/index.html'>here</a>! Enjoy!
<p>And oh yeah, I did a game called "Hoger/Lager", too! <a href='./filez/HogerLager.jar'>Get it now!</a>

WIDM now hosted at Berlios
http://home.wanadoo.nl/meilof//2005/02/14#widm-berlios
I registered a <a href='http://developer.berlios.de/projects/widm/'>Berlios project account</a> for the WIDM Who Is The Mole execution software; from there, I can finally decently host my CVS and releases without problems with quota and with a publicly available CVS tree!
<p>More to follow; for now, see how beautifully <a href='http://widm.berlios.de/'>widm.berlios.de</a> gets redirected to this <i>very</i> page...

Criminals use DNS spoofing to make money
http://home.wanadoo.nl/meilof//2005/02/02#bright-ip-spoofing
(Story <a href='http://www.posadis.org/dns/news/20050202-bright-ip-spoofing'>here</a> too)
<p>Various Dutch media are <a href='http://www.volkskrant.nl/economie/1107239950117.html'>carrying</a> a story today from a new Dutch technology/lifestyle magazine called <a href='http://www.bright.nl/'>Bright</a> about <i>DNS spoofing</i>: taking over the control of domain names. There reportedly is a group of online criminals that is doing this for money. The complete article can be found <a href='http://www.bright.nl/magazine/hitmen.html'>here</a>; this summary by newspaper De Volkskrant pretty much mentions the most important bits: <blockquote><b>Internet crime: one million visitors for $1000</b><br>
<p>Criminal hackers are manipulating vital Internet nodes for money. The hackers lead visitors to popular websites such as Google.com and Yahoo.com to other places, such as pornographic websites. According to Dutch experts, this abuse is "daily practice".
<p>In the latest issue of the technology magazine <i>Bright</i>, the webmaster of the sex site AskJolene.com said he was recently approached by an unknown American person with the question whether he wanted to buy 'targeted visits'. 
"I can decide where people are being sent to on the internet", Toine Verheul heard.
<p>Remotely, the anonymous hacker showed his capacities. Verheul was asked to enter a search term with Google. Rather than seeing a list of references, he was directed to a sex website. This happened when Verheul clicked on references on the website of CNN.com as well.
<p>The hackers are using a long-known weak spot in the <i>domain name servers</i>, large network computers that direct the traffic on the internet in the right direction. They function as a sort of 'telephony central', making sure a user who enters CNN.com is actually sent to the website of the American satellite station. It is possible though, to temporarily supply these traffic controllers with fake data. For a short period of time, users of certain websites are 'hostaged' to other places.
<p>This phenomenon is called <i>DNS cache spoofing</i> or <i>DNS cache poisoning</i>, and according to the Dutch experts quoted in <i>Bright</i>, it is daily practice. The scale on which the manipulation takes place is unknown to them. It's the first time that there are clear indications that hackers are making money out of this Achilles heel of the internet.
<p>The unknown American who approached AskJolene.com said he represented a group of network managers who maintain the most important nodes on the internet. He asked for a thousand dollars for directing a million visitors.
<p>Domain hostaging can cause great damage to its victims. Last month the New York internet provider Panix disappeared off the radar for a few days after an unknown person had 'captured' its domain name. This caused the websites and e-mail addresses of tens of thousands of subscribers to become unavailable.</blockquote>
<h2>Simple cache spoofing</h2>
The article doesn't make it completely clear how the IP spoofing happens. Basically, there are two different ways to do DNS cache spoofing: by including fake data in a valid answer, or by sending a fake answer. 
<p>The first method has been known for ages, and is in fact known to have been exploited in practice. It requires having an internet domain name server. The way it works is this. Suppose you run the zone <code>evil.org</code>, and you want to poison the addresses of <code>www.google.nl</code>.
<ul>
<li>You send a query for, say, the <code>www.evil.org.</code> domain name to the DNS server you want to poison
<li>The DNS server would then ask your DNS server about the addresses of <code>www.evil.org.</code>.
<li>Your DNS server then answers with "<code>www.evil.org.</code> is an alias for <code>www.google.nl.</code>". As additional data in the answer, your DNS server would supply a hint saying "The address for <code>www.google.nl.</code> is (your address)"
<li>The DNS server would <i>accept</i> this hint for <code>www.google.nl.</code>, and remember it
<li>The next time someone sends a query about <code>www.google.nl.</code> to the DNS server, it will remember the answer your DNS server gave, and send it back
<li>The client sending the query will then connect to the IP number you specified!
</ul>
The interesting point in this list is of course point 4. And believe it or not, there are actually DNS servers that, despite the fact that the <code>evil.org.</code> DNS servers have <i>nothing</i> to do with <code>www.google.nl.</code>, would still accept the data. These are mainly old versions of BIND. BIND has long since been fixed, but according to a survey done by <a href='http://www.menandmice.com/9000/9211_dns_spoofing.html'>Men and Mice</a>, 33% of <i>all</i> DNS servers on the internet are still vulnerable to this attack!
<p>The solution here is simple: just upgrade to a recent version of basically any DNS server: recent versions of BIND and MS-DNS, and all versions of other software such as Posadis, MaraDNS and DjbDNS do not have this (pretty stupid) problem. 
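<p>The check that the vulnerable servers skip in point 4, as an added example (not code from this article, Posadis or BIND): a cache that only stores a record when its owner name lies inside the zone the answering server is responsible for. Records are modelled as plain tuples rather than wire-format DNS, and the class names, the <code>zone</code> field and the address 203.0.113.66 are constructed for illustration.

```python
"""Bailiwick filtering for a caching resolver (simplified model).

Records are (owner, type, data) tuples, not wire-format DNS messages.
All names and addresses below are constructed for illustration.
"""
from dataclasses import dataclass, field


def labels(name: str) -> tuple:
    """Normalise a domain name to a tuple of lower-case labels."""
    return tuple(part for part in name.lower().rstrip(".").split(".") if part)


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is at or below `zone`, compared label by label.

    A plain string suffix test would wrongly accept 'notevil.org' for the
    zone 'evil.org'; comparing whole labels avoids that.
    """
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


@dataclass
class Response:
    """A response as seen by the resolver that sent the query."""
    zone: str                                      # zone the queried server serves
    answer: list = field(default_factory=list)
    additional: list = field(default_factory=list)


class NaiveCache:
    """Behaves like the vulnerable servers: caches every record it is sent."""

    def __init__(self):
        self.store = {}
        self.rejected = []

    def accept(self, record, zone) -> bool:
        return True

    def ingest(self, resp: Response) -> None:
        for record in resp.answer + resp.additional:
            owner, rtype, data = record
            if self.accept(record, resp.zone):
                self.store[(labels(owner), rtype)] = data
            else:
                self.rejected.append(record)

    def lookup(self, name: str, rtype: str):
        return self.store.get((labels(name), rtype))


class BailiwickCache(NaiveCache):
    """Only caches records whose owner name is inside the server's zone."""

    def accept(self, record, zone) -> bool:
        owner, _rtype, _data = record
        return in_bailiwick(owner, zone)


# Constructed response from the evil.org server to a query for www.evil.org,
# following the steps in the list above. 203.0.113.66 is a documentation address.
POISON = Response(
    zone="evil.org.",
    answer=[("www.evil.org.", "CNAME", "www.google.nl.")],
    additional=[("www.google.nl.", "A", "203.0.113.66")],
)


def demo():
    """Feed the same response to both caches and return them."""
    naive, strict = NaiveCache(), BailiwickCache()
    for cache in (naive, strict):
        cache.ingest(POISON)
    return naive, strict


if __name__ == "__main__":
    naive, strict = demo()
    print("naive cache :", naive.lookup("www.google.nl", "A"))
    print("strict cache:", strict.lookup("www.google.nl", "A"))
    print("rejected    :", strict.rejected)
```

The strict cache still keeps the alias for <code>www.evil.org.</code>, so a resolver built on it has to look up <code>www.google.nl.</code> itself at the servers responsible for that name instead of trusting the hint.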
<p>If, on the other hand, you want to experiment with spoofing, you can: I wrote a small <a href='http://www.posadis.org/oud/projects/pos6poison/'>Posadis module</a> which helps you poison buggy caches :)
<h2>Sending a fake answer with IP spoofing</h2>
Unfortunately, there is another way to inject fake data, which is much simpler to explain, but much harder to do in practice. This is done by <i>IP spoofing</i>: pretending to be another server. A message sent over the internet passes many servers, and in theory, any server in between can modify DNS messages to have them contain other data (a so-called <a href='http://www.wikipedia.org/wiki/Man_in_the_middle_attack'>Man in the middle attack</a>).
<p>Worse yet, you don't really need to be in between the client and the server. An answer to a DNS query has an ID, so if you're not in between the client and the server, you don't know the ID, and you cannot spoof an answer to a query. But if you just start sending random answers with random IDs, you may succeed at some point. There are 65536 different possible IDs, and you need to guess the IP port a query is sent from, as well as the exact moment of the query, so you will need a lot of messages to have success, but it's theoretically possible, though I'm not aware of this being done in practice.
<p>There are several reasons why IP spoofing is particularly worrying for DNS, and less so for other protocols, say HTTP or TCP. First, DNS is a connectionless protocol: a client sends <i>one</i> IP message to the server, and the server sends <i>one</i> IP message back with the answer. This means that only one IP message needs to be spoofed for the attack to be successful. Communication with HTTP or FTP, or any other TCP-based protocol, consists of several IP messages, making the chance of it getting noticed bigger. 
Also, when a caching DNS server gets wrong data, it will <i>remember</i> it for some time, which means that one fake piece of data can be re-used for hours on end.
<p>There really isn't a solution for this at the moment, except for making sure the ports and message IDs used by clients are as random as possible. Recent versions of DNS servers do this. This only makes a difference if the attacker is not between the client and the server. If the attacker is between the client and the server, for example if he controls an important internet node, this does not matter.
<h2>What method was used?</h2>
The Bright article doesn't make it really clear which spoofing method was used in this case. The article mentions that 'various versions of popular nameserver-software [..] allow this kind of 'spoofing'', which would refer to the old cache poisoning method.
<p>The fact that the hacker claimed to 'represent a group of network managers who maintain the most important nodes on the internet', and the fact that the attacker asked for the IP number of the victim, seem to strongly suggest a Man in the middle attack. If this is true, then this would be a very serious problem, because there is really nothing that can be done easily to fix it, and it could also be used to rob on-line banking users of their secret codes or credit card numbers.
<h2>DNSsec</h2>
Help is on the way though: over the last few years, there has been some pretty strong development on DNSsec, a system in which DNS messages would be digitally signed, and could thus be verified for their integrity. This helps solve the second kind of DNS spoofing, because a middle man cannot change a DNS message without that being noticed. Still, it does not help if the DNS servers themselves are hacked into, which may be the case in the current situation.
<p>Currently, DNSsec is supported by the one dominant player on the DNS market: BIND. I am planning to add support for DNSsec to Posadis eventually. 
Also, DNSsec won't be useful until major registrars start using it. This may take some more years.
<p>The Dutch domain registrars are pretty busy implementing DNSsec, but it's hard to do that until people get a feeling this is a serious problem. Since the whole story of being contacted over IRC by unknown Americans does seem a little remarkable, here's my little conspiracy theory: the good people at <a href='http://www.nlnetlabs.nl/dnssec/'>Nlnetlabs</a>, who are pretty busy with DNSsec, are behind this to get the insecurity of DNS out in the media. Think about it: they had the motive, because they want to get DNSsec implemented, and the means: being involved with the <a href='http://www.ams-ix.nl/'>Amsterdam Internet Exchange</a>, they could trivially control DNS traffic for specific IP numbers in the Netherlands. Time will tell... This article certainly has helped them get the DNS security problems noticed by the media. Wonder whether the news tonight is going to mention this...

Wie Is De Mol log
http://home.wanadoo.nl/meilof//2005/02/02#widmlog
Here's what I think:
<ul>
<li>29-01-2005: Victoria is the mole!
<li>22-01-2005: Victoria is the mole!
<li>15-01-2005: Yvon is the mole!
</ul>