Most "personal firewalls" manage to get an application name from somewhere. I'm assuming it comes from the product name in the executable image, which seems a bit daft since another program could easily pretend to be Internet Explorer, but I guess the same could be said for calling your malware iexplore.exe or, for Mac, InternetExplorer.
This latest valnerability is more like having an adequate lock but a burgular coming in through a valnerability in your couch. No-one considered the security implementations of the couch, because no-one expected the couch to be a point of entry.
I've not run Doom 3, but I expect what's going on here is that like Quake 3 and all id games before that it tries to update some files in the game data directory when the user changes settings or whatever. Of course, what they should be doing is writting such things to the user's home directory (in "Application Data\Doom 3"), but I reckon an alternative to running as admin would be to either install Doom 3 into your user account's home directory (I normally make "Program Files" and "Games" in the home directory for this purpose) or set the permissions on the game directory so your user account can write to it.
Sadly I've had a lot of experience with making this work because on my family's PC my younger brothers use limited user accounts but they want to play old budget games they've bought from the bargain bin at Game or even badly-designed modern games. For administrative ease, I created a group called "Games Players" which my brothers are members of and then I give write permission for that group rather than having to add both of them explicitly each time.
Much like on a Linux system, a limited user can just shove executables in his or her "home directory" and run them from there. The main thing making this hard right now is that it's very hard to get most applications not wrapped in an "installer" which tries to write DLLs all over the filesystem regardless of what directory you choose to install.
Windows XP "logo-compliant" installers will offer admin users the choice to install for "All Users" (put it in a publically-readable directory) or "Just Me", in which case much of it should end up in the admin's home directory. Limited users can install for "Just Me" only. This is much like me downloading a source tarball on a UNIX system and running./configure --prefix=/home/nurgled/appdir.
Windows features a "Run As..." dialog which can be used to execute a program as a different user than the one logged in. Unfortunately, it's quite hidden. To access it, one must hold down shift and right-click on the icon for the executable (or a shortcut to it) and choose "Run As...". You can then enter the username/password you wish to use and hit OK to start the program.
Of course, it'd be better if it'd just happen automatically when you run something that requires admin privs, such as System control panel or an installer, but in the installer case there are so many different kinds of installer out there that it'd be impossible for Windows to know what's an installer and what isn't. Allowing applications to say "Hey Windows, I need to run as Administrator!" might be a solution, but then most of the worms around masquerade as things the user might want to run anyway, so they'd probably just go ahead and throw in the Administrator password much like they just click "Yes" when Internet Explorer offers to install BonzaiBuddy.
More interestingly, Microsoft has actually put more effort into this than it took for normal Windows XP (they had to write code to limit running applications and strip out networking) and yet it's cheaper? It's like telcos charging you not to strip the caller id information out of the telephone system.
I wasn't talking about automated processing, really. The kind of applications I have in mind involve simply taking one or two specific data sources and performing a very specific operation on that data source. Inter-operability is a bonus, but it's not required. If someone will give me machine-readable data on something I can do all sorts of things with it, but I can't do the same with human-readable data.
To take a trivial example, slashdot's front page isn't especially machine-readable, but the old slashdot.xml file gives a subset of the data there in a predictable, machine-readable format. This means that I am able to, for example, keep an archive of article titles, or whatever. The code I write to do this will be slashdot-specific, but it'll be a lot more reliable in the long term than trying to find that same data in the front page HTML. All sites using the same data format (such as RSS) is a bonus because it makes it easier to perform similar tasks on other sites, but not a requirement for the specific task of archiving slashdot article titles.
Of course, most people aren't the type to just hack up a one-off script to perform a specific task, but for people who do such things having machine-readable data, even if specific to the application or task at hand, makes things much easier.
That's all very well for searching, but searching is only one thing you can do with data. I like the ideas behind the semantic web not for search but instead for processing. If I'm given raw data, I can write tools to do things to that data that the original publisher may not have intended, such as cross-referencing completely different data sources using some linking criteria external to the information given. For example, I might know that the URL of an article on slashdot contains its primary identifier in the database and make use of this. Of course, Berners-Lee is pushing the automated processing angle, but I see it more as a chance to publish more atomic relationships so that humans can write tools for specific processing jobs. It's like the reason why I prefer "real protocols" over HTML interfaces to data such as email.
Of course, there are some people who like to try to obscure things through presentation, such as the product and pricing example you gave. These entities will doubtless continue to publish opaque information that resists analysis, but all it takes is for one person to, possibly manually, collate the data into a more useful form and the efforts are foiled. If people want your data enough, they're going to find a way to get at it.
More importantly, these are dumbed-down semantics. The assertion that a fictional character lives somewhere real needs to be qualified that this occurs in a certain set of fictional stories, not real life. The fact that these unqualified statements are represented in this example ontology means that the ontology is insufficient, not that this method isn't useful.
I've only really skimmed the article, but I think what the author is trying to say is precisely that the kinds of relationships that will be expressed in the Semantic web will be too furry and hazy to draw any useful conclusions with. I'm not sure why he wrote an illogical conclusion afterwards, but his main point is that we (as humans) don't tend to think about relationships in enough detail to express them in sufficient depth to draw useful conclusions from in practice. In reality, many of the relationships we deal with are so complicated that we simply cannot express every detail of them. The semantics will always be dumbed down because there's always one more layer of relationships that have to be expressed for a complete "graph" of the situation.
Sorry to pounce on such a tiny part of your post, but I feel the need to bitch about X-Lite. This "softphone" (aka VoIP client) seems to be the one everyone recommends to the point that it's hard to find any other. Still, it is the most annoying software I've ever had the displeasure to use. By trying to make the interface look like a phone they've created a UI with all of the limitations and annoyances of a phone UI.
It took me ages to get the hang of operating the configuration "dialogs", which are made to work like the heirarchical menus found on mobile phones but do some weird things due to the fact that they are operated with a mouse rather than dedicated navigation keys. Dialling is similarly painful.
What I'd like is a simple application with a UI perhaps like a contact manager, or perhaps just to integrate a dialler into an existing contact manager. Don't bother with the three-by-four on-screen dialling keypad... I have the real thing on my keyboard. Also, the ability to dial by entering a hostname (which is then resolved to an IP) would be nice. Maybe X-Lite can already do this, but it wasn't obvious exactly how to do it so I just gave up.
In general, replicating physical devices as application interfaces is a bad idea. The "media app which looks like a stereo system" people learned their lesson years back, and now it's time for the VoIP client authors to learn as well.
There isn't enough room inside a phone for the lenses necessary to achieve a good picture. Increasing the resolution of the sensors can only do so much.
Windows 95 has an option to change the DPI setting, although it assumes square pixels. What goes wrong is that some applications ask Windows for font sizes in pixels either because they are trying to fit the font into a hole in a bitmap (ie most "skinned" applications) or the programmer just didn't understand the difference between pixels and points.
The solution here is to use modern applications designed with this in mind, of course. I think most common Windows applications in use today correctly use the increased font sizes on a high-DPI display. In fact, I used to live with a friend who used an unusual DPI setting on his monitor and he very infrequently encountered such problems, especially when sticking to "professional" applications.
One thing that does get harder is creating bitmapped graphics for more "normal" displays such as for web sites, but hopefully people will get over bitmaps soon and browsers will implement something like SVG. Windows IE already has that "Office Graphics in XML" thing -- VML, I think -- and it'd be a shame to see that fill the void because no-one bothered to exploit the open standard before the problem became critical.
Fonts like Verdana and the other Microsoft core web fonts were designed to work well at low resolution, so they start to look clunky at higher resolutions due to the design compromises such as where lines are made thicker and more even so that they don't get antialiased away at small pixel sizes. You can see this on normal monitors just by looking at 72pt Verdana: to most eyes, it starts to look "wrong".
Now that display resolutions are approaching print resolutions we can start using traditional fonts like Palatino and Frutiger for our web browsing and UI widgets.
Re:Yes, and cable companies -still- don't show it
on
Ceefax Turns 30
·
· Score: 1
I think all analogue cable services still supply Teletext. Certainly Telewest's does. The problem with Teletext on digital cable is that usually the set-top box is connected to the TV via SCART and not RF, so sending the Teletext stuff to the TV to decode is more of a pain than it was for analogue cable, which just needed to provide the channel as it would have been sent over the airwaves.
It's certainly not impossible, though, as several Sky Digital channels come with teletext attached. The other issue is that many broadcasters are only providing Teletext on their analogue transmissions, so NTL and Telewest digital cable can only provide you with teletext on such channels if they digitise and send the analogue signal, which would probably decrease quality.
Unfortunately, different television sets implemented "fasttext" in different ways, and also sometimes offered other features to "cheat" in this way. One easy one I remember was on my first fasttext set where it had buttons to increment and decrement the teletext search number. It'd wrap when it rolled from 9 to A, but if it was already on A it would happily increment B, C, D etc until it reached F and rolled back to 0.
Another cool one was a TV set I had that would let you press another coloured button while the first one you pressed was still searching. If you were lucky with the transmission timings, you could press all of the buttons in turn and see which one was different to the other three which would be the right answer. Finally, last year I lived with a friend who had an old TV which was fancy for its time. It had cool features like teletext caching, bookmarks and all sorts. It would actually let you switch the fasttext display from the given names to the page numbers, making the cheating trivial. It would also let you enter full hex numbers into the bookmarks system by using increment/decrement as on the first TV I mentioned, but you couldn't enter them directly.
Of course, cheating at a teletext game wasn't really the point, it was just interesting to play around with the teletext system and Bamboozle (a game which I believe is still broadcast today on Channel 4 Teletext) was one of the few things which used un-enterable numbers.
Also interesting is that in the early days they had to limit the number of available pages so that the interval between a particular page being transmitted wasn't too high. I believe the transmission speed was increased at some point which allowed for more pages to be introduced. Also, since there's no rule that the pages must be transmitted in order, pages which must change often or oft-requested pages can be transmitted more frequently. The subtitles on "Page 888" are transmitted more frequently than other pages so that they can be updated in realtime as dialogue proceeds in the programme. I've often thought it'd be fun (although not particularly useful) to recreate something like the teletext system using multicast on the Internet.
Most of the client software my family uses still doesn't support IPv6, so despite the fact that I have my network set up to route IPv6 through 6to4 it rarely gets any use. There's not much point in ISPs supporting IPv6 until a majority of client applications support it too. Just about the only thing I've ever used IPv6 for was pinging a couple of servers to see if it was working and spending a short while as an IPv6 client on an IRC network, but even then I couldn't use my client of choice so I just went back to IPv4 after a week.
Well, it is optional and discloses that Google may be able to track you when asking you to make the decision. When you first install Opera, it asks you to choose between the Google ads or the traditional image-based ads as part of the initial setup.
I'm actually planning to jump ship from Opera to Firefox once I get around to writing some extensions to fill in a few of the gaps that are still left by current extensions to make Firefox act like Opera.
I love Opera in every respect apart from its rendering engine and its stability. Sadly, despite paying for several past major versions of Opera in my current financial situation I can't justify paying for any more in the near future, so making Firefox act like Opera is an alternative I'm looking into. I'd really love to just shove Gecko into Opera 6 (and somehow fix a few of the worst crashing bugs), but that's not allowed of course!
I was talking about replacing one installed version of Windows from a licenced CD with a copy of Windows from someone else's copy on the same PC, so at the end only one PC ends up with it installed.
Still, you make some good points about software licencing in general. Of course, the same can now be said for music and movies, which thanks to near-perfect digital copying can now be distributed at a fraction of the cost that it cost the original creator to make it.
What about if I bought a retail copy of Windows XP, lost/damaged the disk and later installed the same class of Windows XP from a borrowed disc on my new "naked" PC, removing the install on my old PC? As far as I'm aware, retail Windows (unlike OEM Windows) isn't tied to a particular computer. I suppose with the product activation you couldn't get away with this in practice, though, since it would be indistinguishable from you just installing on a second PC without wiping the old one.
The worst part, of course, is that then your address is in the email history of potentially hundreds of people you don't know and can't trust. One or more of these people will most likely do something stupid and end up being a source for To: or From: addresses in lying spam/worm headers and then next thing you know your mailbox is full of either spam, worms or error messages. Or all three.
This is why I don't tell anyone my email address without very careful screening. :)
Common sense says to me that if I've purchased a copy of Windows XP Professional then I've bought a right to use Windows XP Professional, so therefore I should be able to install Windows XP Professional from any install CD, whether it is mine or not, and still be perfectly within my rights as a holder of a licence to use Windows XP Professional.
I'm sure the law doesn't agree with me, but I don't tend to take much notice of laws which don't align with my (quite reasonable) idea of right and wrong. In that situation, on my own machine I wouldn't bad an eyelid and on someone else's machine I'd inform them of the situation (after doing a little more research than I obviously have here) and let them decide, and I'm sure their expectation would align with mine.
Fortunately, I don't use Windows XP Professional, so this will not be a problem I will have to face in the near future.
Slashdot Mirror
Most "personal firewalls" manage to get an application name from somewhere. I'm assuming it comes from the product name in the executable image, which seems a bit daft since another program could easily pretend to be Internet Explorer, but I guess the same could be said for calling your malware iexplore.exe or, for Mac, InternetExplorer.
"Implications", not "implementations". I noticed just after I hit Submit. Sorry; I just got up.
This latest valnerability is more like having an adequate lock but a burgular coming in through a valnerability in your couch. No-one considered the security implementations of the couch, because no-one expected the couch to be a point of entry.
I've not run Doom 3, but I expect what's going on here is that like Quake 3 and all id games before that it tries to update some files in the game data directory when the user changes settings or whatever. Of course, what they should be doing is writting such things to the user's home directory (in "Application Data\Doom 3"), but I reckon an alternative to running as admin would be to either install Doom 3 into your user account's home directory (I normally make "Program Files" and "Games" in the home directory for this purpose) or set the permissions on the game directory so your user account can write to it.
Sadly I've had a lot of experience with making this work because on my family's PC my younger brothers use limited user accounts but they want to play old budget games they've bought from the bargain bin at Game or even badly-designed modern games. For administrative ease, I created a group called "Games Players" which my brothers are members of and then I give write permission for that group rather than having to add both of them explicitly each time.
Much like on a Linux system, a limited user can just shove executables in his or her "home directory" and run them from there. The main thing making this hard right now is that it's very hard to get most applications not wrapped in an "installer" which tries to write DLLs all over the filesystem regardless of what directory you choose to install.
Windows XP "logo-compliant" installers will offer admin users the choice to install for "All Users" (put it in a publically-readable directory) or "Just Me", in which case much of it should end up in the admin's home directory. Limited users can install for "Just Me" only. This is much like me downloading a source tarball on a UNIX system and running ./configure --prefix=/home/nurgled/appdir.
Windows features a "Run As..." dialog which can be used to execute a program as a different user than the one logged in. Unfortunately, it's quite hidden. To access it, one must hold down shift and right-click on the icon for the executable (or a shortcut to it) and choose "Run As...". You can then enter the username/password you wish to use and hit OK to start the program.
Of course, it'd be better if it'd just happen automatically when you run something that requires admin privs, such as System control panel or an installer, but in the installer case there are so many different kinds of installer out there that it'd be impossible for Windows to know what's an installer and what isn't. Allowing applications to say "Hey Windows, I need to run as Administrator!" might be a solution, but then most of the worms around masquerade as things the user might want to run anyway, so they'd probably just go ahead and throw in the Administrator password much like they just click "Yes" when Internet Explorer offers to install BonzaiBuddy.
More interestingly, Microsoft has actually put more effort into this than it took for normal Windows XP (they had to write code to limit running applications and strip out networking) and yet it's cheaper? It's like telcos charging you not to strip the caller id information out of the telephone system.
It's a wacky world we live in.
I wasn't talking about automated processing, really. The kind of applications I have in mind involve simply taking one or two specific data sources and performing a very specific operation on that data source. Inter-operability is a bonus, but it's not required. If someone will give me machine-readable data on something I can do all sorts of things with it, but I can't do the same with human-readable data.
To take a trivial example, slashdot's front page isn't especially machine-readable, but the old slashdot.xml file gives a subset of the data there in a predictable, machine-readable format. This means that I am able to, for example, keep an archive of article titles, or whatever. The code I write to do this will be slashdot-specific, but it'll be a lot more reliable in the long term than trying to find that same data in the front page HTML. All sites using the same data format (such as RSS) is a bonus because it makes it easier to perform similar tasks on other sites, but not a requirement for the specific task of archiving slashdot article titles.
Of course, most people aren't the type to just hack up a one-off script to perform a specific task, but for people who do such things having machine-readable data, even if specific to the application or task at hand, makes things much easier.
That's all very well for searching, but searching is only one thing you can do with data. I like the ideas behind the semantic web not for search but instead for processing. If I'm given raw data, I can write tools to do things to that data that the original publisher may not have intended, such as cross-referencing completely different data sources using some linking criteria external to the information given. For example, I might know that the URL of an article on slashdot contains its primary identifier in the database and make use of this. Of course, Berners-Lee is pushing the automated processing angle, but I see it more as a chance to publish more atomic relationships so that humans can write tools for specific processing jobs. It's like the reason why I prefer "real protocols" over HTML interfaces to data such as email.
Of course, there are some people who like to try to obscure things through presentation, such as the product and pricing example you gave. These entities will doubtless continue to publish opaque information that resists analysis, but all it takes is for one person to, possibly manually, collate the data into a more useful form and the efforts are foiled. If people want your data enough, they're going to find a way to get at it.
I've only really skimmed the article, but I think what the author is trying to say is precisely that the kinds of relationships that will be expressed in the Semantic web will be too furry and hazy to draw any useful conclusions with. I'm not sure why he wrote an illogical conclusion afterwards, but his main point is that we (as humans) don't tend to think about relationships in enough detail to express them in sufficient depth to draw useful conclusions from in practice. In reality, many of the relationships we deal with are so complicated that we simply cannot express every detail of them. The semantics will always be dumbed down because there's always one more layer of relationships that have to be expressed for a complete "graph" of the situation.
Sorry to pounce on such a tiny part of your post, but I feel the need to bitch about X-Lite. This "softphone" (aka VoIP client) seems to be the one everyone recommends to the point that it's hard to find any other. Still, it is the most annoying software I've ever had the displeasure to use. By trying to make the interface look like a phone they've created a UI with all of the limitations and annoyances of a phone UI.
It took me ages to get the hang of operating the configuration "dialogs", which are made to work like the heirarchical menus found on mobile phones but do some weird things due to the fact that they are operated with a mouse rather than dedicated navigation keys. Dialling is similarly painful.
What I'd like is a simple application with a UI perhaps like a contact manager, or perhaps just to integrate a dialler into an existing contact manager. Don't bother with the three-by-four on-screen dialling keypad... I have the real thing on my keyboard. Also, the ability to dial by entering a hostname (which is then resolved to an IP) would be nice. Maybe X-Lite can already do this, but it wasn't obvious exactly how to do it so I just gave up.
In general, replicating physical devices as application interfaces is a bad idea. The "media app which looks like a stereo system" people learned their lesson years back, and now it's time for the VoIP client authors to learn as well.
There isn't enough room inside a phone for the lenses necessary to achieve a good picture. Increasing the resolution of the sensors can only do so much.
Windows 95 has an option to change the DPI setting, although it assumes square pixels. What goes wrong is that some applications ask Windows for font sizes in pixels either because they are trying to fit the font into a hole in a bitmap (ie most "skinned" applications) or the programmer just didn't understand the difference between pixels and points.
The solution here is to use modern applications designed with this in mind, of course. I think most common Windows applications in use today correctly use the increased font sizes on a high-DPI display. In fact, I used to live with a friend who used an unusual DPI setting on his monitor and he very infrequently encountered such problems, especially when sticking to "professional" applications.
One thing that does get harder is creating bitmapped graphics for more "normal" displays such as for web sites, but hopefully people will get over bitmaps soon and browsers will implement something like SVG. Windows IE already has that "Office Graphics in XML" thing -- VML, I think -- and it'd be a shame to see that fill the void because no-one bothered to exploit the open standard before the problem became critical.
Fonts like Verdana and the other Microsoft core web fonts were designed to work well at low resolution, so they start to look clunky at higher resolutions due to the design compromises such as where lines are made thicker and more even so that they don't get antialiased away at small pixel sizes. You can see this on normal monitors just by looking at 72pt Verdana: to most eyes, it starts to look "wrong".
Now that display resolutions are approaching print resolutions we can start using traditional fonts like Palatino and Frutiger for our web browsing and UI widgets.
I think all analogue cable services still supply Teletext. Certainly Telewest's does. The problem with Teletext on digital cable is that usually the set-top box is connected to the TV via SCART and not RF, so sending the Teletext stuff to the TV to decode is more of a pain than it was for analogue cable, which just needed to provide the channel as it would have been sent over the airwaves.
It's certainly not impossible, though, as several Sky Digital channels come with teletext attached. The other issue is that many broadcasters are only providing Teletext on their analogue transmissions, so NTL and Telewest digital cable can only provide you with teletext on such channels if they digitise and send the analogue signal, which would probably decrease quality.
Unfortunately, different television sets implemented "fasttext" in different ways, and also sometimes offered other features to "cheat" in this way. One easy one I remember was on my first fasttext set where it had buttons to increment and decrement the teletext search number. It'd wrap when it rolled from 9 to A, but if it was already on A it would happily increment B, C, D etc until it reached F and rolled back to 0.
Another cool one was a TV set I had that would let you press another coloured button while the first one you pressed was still searching. If you were lucky with the transmission timings, you could press all of the buttons in turn and see which one was different to the other three which would be the right answer. Finally, last year I lived with a friend who had an old TV which was fancy for its time. It had cool features like teletext caching, bookmarks and all sorts. It would actually let you switch the fasttext display from the given names to the page numbers, making the cheating trivial. It would also let you enter full hex numbers into the bookmarks system by using increment/decrement as on the first TV I mentioned, but you couldn't enter them directly.
Of course, cheating at a teletext game wasn't really the point, it was just interesting to play around with the teletext system and Bamboozle (a game which I believe is still broadcast today on Channel 4 Teletext) was one of the few things which used un-enterable numbers.
Also interesting is that in the early days they had to limit the number of available pages so that the interval between a particular page being transmitted wasn't too high. I believe the transmission speed was increased at some point which allowed for more pages to be introduced. Also, since there's no rule that the pages must be transmitted in order, pages which must change often or oft-requested pages can be transmitted more frequently. The subtitles on "Page 888" are transmitted more frequently than other pages so that they can be updated in realtime as dialogue proceeds in the programme. I've often thought it'd be fun (although not particularly useful) to recreate something like the teletext system using multicast on the Internet.
Most of the client software my family uses still doesn't support IPv6, so despite the fact that I have my network set up to route IPv6 through 6to4 it rarely gets any use. There's not much point in ISPs supporting IPv6 until a majority of client applications support it too. Just about the only thing I've ever used IPv6 for was pinging a couple of servers to see if it was working and spending a short while as an IPv6 client on an IRC network, but even then I couldn't use my client of choice so I just went back to IPv4 after a week.
Well, it is optional and discloses that Google may be able to track you when asking you to make the decision. When you first install Opera, it asks you to choose between the Google ads or the traditional image-based ads as part of the initial setup.
It's not so bad.
I'm actually planning to jump ship from Opera to Firefox once I get around to writing some extensions to fill in a few of the gaps that are still left by current extensions to make Firefox act like Opera.
I love Opera in every respect apart from its rendering engine and its stability. Sadly, despite paying for several past major versions of Opera in my current financial situation I can't justify paying for any more in the near future, so making Firefox act like Opera is an alternative I'm looking into. I'd really love to just shove Gecko into Opera 6 (and somehow fix a few of the worst crashing bugs), but that's not allowed of course!
Opera already does that if you enable the Google TextAds feature... with Google, no less.
I was talking about replacing one installed version of Windows from a licenced CD with a copy of Windows from someone else's copy on the same PC, so at the end only one PC ends up with it installed.
Still, you make some good points about software licencing in general. Of course, the same can now be said for music and movies, which thanks to near-perfect digital copying can now be distributed at a fraction of the cost that it cost the original creator to make it.
Well mine, obviously. Duh.
What about if I bought a retail copy of Windows XP, lost/damaged the disk and later installed the same class of Windows XP from a borrowed disc on my new "naked" PC, removing the install on my old PC? As far as I'm aware, retail Windows (unlike OEM Windows) isn't tied to a particular computer. I suppose with the product activation you couldn't get away with this in practice, though, since it would be indistinguishable from you just installing on a second PC without wiping the old one.
The worst part, of course, is that then your address is in the email history of potentially hundreds of people you don't know and can't trust. One or more of these people will most likely do something stupid and end up being a source for To: or From: addresses in lying spam/worm headers and then next thing you know your mailbox is full of either spam, worms or error messages. Or all three.
This is why I don't tell anyone my email address without very careful screening. :)
Common sense says to me that if I've purchased a copy of Windows XP Professional then I've bought a right to use Windows XP Professional, so therefore I should be able to install Windows XP Professional from any install CD, whether it is mine or not, and still be perfectly within my rights as a holder of a licence to use Windows XP Professional.
I'm sure the law doesn't agree with me, but I don't tend to take much notice of laws which don't align with my (quite reasonable) idea of right and wrong. In that situation, on my own machine I wouldn't bad an eyelid and on someone else's machine I'd inform them of the situation (after doing a little more research than I obviously have here) and let them decide, and I'm sure their expectation would align with mine.
Fortunately, I don't use Windows XP Professional, so this will not be a problem I will have to face in the near future.