/dev/urandom

Thu 30th Nov 2006 @ 00:25 2006: Spam

I've got a GMail account, which maybe two people know about. I never use it; it's just there in case I need it. As such, I rarely log on to it. I logged on today, to find 124 spam in the past month.

At my main domain (that is, here), I get about 30 "Mail Undeliverable" messages from MTAs per day, regarding spam sent from ${random}@${mydomain}, and approximately 80 actual spam. That might not be too surprising, with a whole *@domain to go at; but the 124 random lucky guesses for GMail suggest that spammers are happy to make a heck of a lot of random guesses; my ${1}@gmail.com isn't exactly obvious (full_first_name dot middle_initial dot surname).


Wed 29th Nov 2006 @ 15:16 2006: Slashdot checking for open proxies

Slashdot seem to be checking for open proxies... when you submit a comment, http://slashdot.org/comments.pl submits a GET back to your own IP address (abbreviated slightly):


66.35.250.150 "GET http://it.slashdot.org/ok.txt HTTP/1.0" 403 "-" "libwww-perl/5.803"

66.35.250.150 is Slashdot.

It does this to see what response comes back. If you were posting from an open proxy server, that "403" ("Forbidden") would be a "200" ("OK"), and your server would fetch the "ok" file and hand it back to Slashdot (if you're curious, http://slashdot.org/ok.txt, and the same path on the sub-domains, it.slashdot.org in this example, consists of the text "ok").

How do I know this? I just happened to be looking through the log files, and saw the 403 entry shown above.

My firewall is a proxy server to my local network, so mods-enabled/proxy.conf looks like this:

Allow from 192.168.1.0/24
Allow from 127.0.0.1

I added a line to make my server appear to Slashdot to be an open proxy (in fact, it will only proxy requests coming from that one Slashdot address; nobody else can use it):

Allow from 66.35.250.150/32

(brief aside: The "/32" means that all 32 bits of the IP address are significant, so it will only match that host. The "/24" for my local network says that only the first 24 bits (192.168.1) are significant, with anything from 192.168.1.0 to 192.168.1.255 being proxied)
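As an added example (not code from the original post), here is a small Python script that does the check described above from the other side: it reads Apache "combined" format access-log lines, picks out proxy-style requests (an absolute URL in the request line rather than a path), reports which of them the server actually served, and emulates the "Allow from" list to show which client addresses the proxy would accept. The log lines are constructed for illustration; only the IP addresses come from the post, the timestamps, byte counts and the non-Slashdot URL are made up.

```python
"""Spot reverse open-proxy probes of the kind described above in an Apache
access log, and check what the Allow-from rules would do with the prober.

Added example, not code from the original post.  The log lines below are
constructed in Apache's combined format for illustration; the IP addresses
are the ones mentioned in the post, the URLs and timestamps are made up.
"""
import ipaddress
import re

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
_LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# The "Allow from" list from the post's proxy.conf, as CIDR prefixes.
# 66.35.250.150/32 is the line the author added for the Slashdot prober.
ALLOW_FROM = ["192.168.1.0/24", "127.0.0.1/32", "66.35.250.150/32"]

# Constructed sample: two ordinary requests for local pages, one proxy
# probe that was refused (403), and one that was served (an open proxy).
SAMPLE_LOG = """\
192.168.1.20 - - [29/Nov/2006:15:10:01 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
66.35.250.150 - - [29/Nov/2006:15:16:22 +0000] "GET http://it.slashdot.org/ok.txt HTTP/1.0" 403 312 "-" "libwww-perl/5.803"
10.0.0.9 - - [29/Nov/2006:15:17:05 +0000] "GET http://example.net/ok.txt HTTP/1.0" 200 3 "-" "libwww-perl/5.803"
192.168.1.21 - - [29/Nov/2006:15:18:40 +0000] "GET /blog/ HTTP/1.1" 200 4096 "http://example.org/" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = _LOG_RE.match(line)
    return m.groupdict() if m else None


def is_proxy_request(target):
    """A forward-proxy request names an absolute URL (scheme://host/...) instead of a path."""
    return bool(re.match(r'^[a-z][a-z0-9+.-]*://', target, re.IGNORECASE))


def allowed_by_rules(client_ip, rules=ALLOW_FROM):
    """Emulate the Allow-from list: True if client_ip falls inside any listed prefix."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(rule, strict=False) for rule in rules)


def find_proxy_probes(log_text):
    """One record per proxy-style request: who asked, for what, and whether
    the server actually proxied it (2xx status), which is the condition
    that makes the prober conclude it has found an open proxy."""
    probes = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_proxy_request(rec["target"]):
            continue
        probes.append({
            "client": rec["host"],
            "target": rec["target"],
            "agent": rec["agent"],
            "status": int(rec["status"]),
            "served": rec["status"].startswith("2"),
        })
    return probes


def open_proxy_clients(log_text):
    """Client IPs that got a proxied response.  If this is non-empty for an
    address you do not control, your server is relaying for strangers."""
    return sorted({p["client"] for p in find_proxy_probes(log_text) if p["served"]})


if __name__ == "__main__":
    for p in find_proxy_probes(SAMPLE_LOG):
        verdict = "SERVED (looks like an open proxy to the prober)" if p["served"] else "refused"
        print(f'{p["client"]} -> {p["target"]} [{p["agent"]}] {p["status"]} {verdict}')
    candidates = ("66.35.250.150", "66.35.250.151", "192.168.1.77", "8.8.8.8")
    print("accepted by proxy.conf:", [ip for ip in candidates if allowed_by_rules(ip)])
```

Run it against a real access log by replacing SAMPLE_LOG with the file's contents; any address in open_proxy_clients() that is not one of your own networks means the proxy is relaying for outsiders, whatever a third party's probe concluded.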

This was mentioned on Slashdot last June, with a general apparent lack of interest.

A Google search shows a handful of mentions, again with no real interest shown.

A look at the firewall logs shows that it has not only been accessing port 80; this seems to be the full list of ports accessed by that IP address recently:

80 81 444 1026 1080 2301
2578 3124 3127 3128 3382
6588 7032 8000 8002 8080
8081 8090

(Most of those are well-known proxy ports: 1080 is SOCKS, 3128 is Squid's default, and 8000/8080/8081 are the usual alternative HTTP proxy ports.)


Is it acceptable for a website to in effect, portscan a PC in this way?


Tue 28th Nov 2006 @ 00:17 2006: NPfIT

http://www.lightbluetouchpaper.org/2006/11/27/developments-on-health-privacy/

points to http://www.nhsconfidentiality.org/ which points to http://www.nhsconfidentiality.org/?p=18 which basically says that yes, you can opt out of the NPfIT programme, whereby all NHS staff (and others) can access every detail of your medical history, but only by opting out of the NHS itself.

Nice.

And, er, tell me again why compulsory NHS records are not compulsory ID cards in another form?


Fri 24th Nov 2006 @ 23:27 2006: Windows Vista shutdown ....


I assume that by now, most of the kind of person who would read this blog, if anybody did read this blog, would have seen something of Vista, and at least the horrendous shutdown menu as exhibited to the right.

Joel Spolsky, an ex Microsoftie and general commentator on software development, posted "Choices = Headaches", an article about just how bad this new "feature" is. Do you really need seven choices just to say "that's it, I'm done"?

Moishe Lettvin, who worked on Windows from 94-98 and on Vista from 2002-2006, thinks not. He was the coder who wrote the menu, which he reckons to be a few hundred lines of code at most. It took him ... wait for it ... one year.

I won't give too many spoilers, just that his article is entitled The Windows Shutdown crapfest, and let you read the article for yourself.

The Windows Shell, Kernel and Mobile teams were all involved (each to a very small degree) in this menu. As you can imagine, it's not going to be the major focus of an OS development, so nobody seems to have really cared about it at all. These three teams were six levels of management apart, so (because of the way the build tree works, presumably limited by Windows' limited scalability), it would be months before all these code contributions would combine into a testable combination.

The cost? Eight people in a weekly meeting, for a year, with a conservative estimate of 41 people involved in these discussions overall. The result? The worst shutdown menu in history. Lettvin mentions that his team's UI designer had a Mac to see how UI should be done, and suggests that the other teams used the same approach.

On the one hand, one could say that Microsoft have a right to be upset about these former employees spilling the beans, but the fact is that the seven-option shutdown menu is now a part of the latest version of their Operating System, for no better reason than their own bloated management hierarchy.


Tue 21st Nov 2006 @ 22:33 2006: Police propagating FUD about phone charges

My wife received an email from a friend of ours today. The source was the local police force. The forwarder was a solicitor. I have removed headers to protect the guilty.


I received a warning about this today, you may consider sending it to everyone you know. Let’s not let them get away with it.
Maybe want to pass this on to anyone you know, especially as Christmas is fast approaching. It has been confirmed by Royal Mail.

The Trading Standards Office are making people aware of the following scam:-

A card is posted through your door from a company called PDS (Parcel Delivery Service) suggesting that they were unable to deliver a parcel and that you need to contact them on 0306 6611911 (a premium rate number).

DO NOT call this number, as this is a mail scam originating from Belize.

If you call the number and you start to hear a recorded message you will already have been billed £15 for the phone call.

If you do receive a card with these details then please contact Royal Mail Fraud on 02072396655 or ICSTIS (the premium rate service regulator) at www.icstis.org.uk or your local trading standards office. This is a genuine scam and is under investigation by ICSTIS.

It appears that The Sun also propagated the myth today.

How do we deal with such claims? Firstly, go to the ICSTIS website (as correctly quoted in the email, but clearly not actually checked by any of the forwarders): http://www.icstis.org.uk/. From there, click on the For the Public link. See the If you require information about a Parcel Delivery Services chain e-mail you have received, click here link at the bottom of that page, and open the PDF it links to.

You could also see the navigation bar at the left of the website: the third link is how do you recognise premium rate services? (begin with 09, or a 4-5 digit text number, or the new directory enquiry numbers on 118xxx) and how much do premium rate services cost and where does the money go? (max £1.50/minute).

Propagating these myths does nobody any good, they just spread FUD (Fear, Uncertainty and Doubt), and, to be honest, if a solicitor forwards you an email from the police, which says that the Royal Mail and ICSTIS have confirmed it and are investigating, then there's a lot of pressure to believe it.

However, and I don't think that I can possibly overstate this:

it's a load of old bollocks.


Mon 20th Nov 2006 @ 08:02 2006: Here comes the Microsoft FUD

MS FUD - article at Business Review Online


"We've had an issue, a problem that we've had to confront, which is because of the way the GPL works, and because open-source Linux does not come from a company - Linux comes from the community - the fact that that product uses our patented intellectual property is a problem for our shareholders."

"And we agreed on a, we call it an IP bridge, essentially an arrangement under which they pay us some money for the right to tell the customer that anybody who uses SUSE Linux is appropriately covered. There will be no patent issues. They've appropriately compensated Microsoft for our intellectual property, which is important to us. In a sense you could say anybody who has got Linux in their data center today sort of has an undisclosed balance sheet liability, because it's not just Microsoft patents."

"Only a customer who has SUSE Linux actually has paid properly for the use of intellectual property from Microsoft."

“We’ve struck a deal under which we can provide patent agreements to Linux customers in which Microsoft’s intellectual property is respected, and we are appropriately compensated for the use of our intellectual property.”


More here: I liked it better when they were just aggressive


Sun 19th Nov 2006 @ 23:51 2006: New Biometric UK Passports ... cracked already

The Guardian have cracked the new UK passports (warning: seems to want to open a popup window).

Three million Britons have been issued with the new hi-tech passport, designed to frustrate terrorists and fraudsters. So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?


"The Home Office has adopted a very high encryption technology called 3DES - that is, to a military-level data-encryption standard times three. So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'. That is the equivalent of installing a solid steel front door to your house and then putting the key under the mat."


"The problems could get worse when they put fingerprint biometrics on to the passports. There are established ways of making forged fingerprints. In the future, the authorities would like to have automated border controls, and such forged fingerprints [stuck on to fingers] would probably fool them."


So what does this mean in reality? How about corrupting a postman?

"If the rogue postman were to take your passport home, without opening the envelope he could put it against a reader and begin a 'brute force' attack in which your computer tries 12 different permutations every second until it has the right access codes," says Laurie. "A five-digit number would take 23 hours to crack at the most. Once all those numbers were established, you could communicate with the RFID chip and steal all the information. And your passport could be delivered to you, unopened and just a day late."



Nice work from the Guardian clipart guys - it seems that they could only muster up a picture of an old-style passport :(


Wed 15th Nov 2006 @ 23:55 2006: Age of Empires


Microsoft Age of Empires has a nice definition of success: as standard, it "allows the Trade Monopoly victory condition."


Wed 15th Nov 2006 @ 21:11 2006: Dawkins is an Ass

According to Joshua Allen's blog, Dawkins is an Ass. I tend to agree, whatever argument is necessary to come to that conclusion :-)


Tue 14th Nov 2006 @ 23:06 2006: Global Rich List

You wait 3 days for some misc link propagation and then two come along at once ...

The Global Rich List is a very scary thing to read. I don't know where they get the data from, but the mean is around £500.00 pa

Three billion people live on less than $2 per day while 1.3 billion get by on less than $1 per day.



Tue 14th Nov 2006 @ 22:57 2006: xkcd

Just a quick plug for xkcd.com, which describes itself as "A webcomic of romance, sarcasm, math [sic] and language"

xkcd is good


Sat 11th Nov 2006 @ 00:05 2006: Networking

Shameless plug for an alpha-grade article...

I've finally got around to publishing a networking tutorial. It's far from complete, it's aimed at the "I know nothing about networking; get me some know-how so I can get started" crowd, rather like the shell tutorial (but a few years back-dated, so much more simplistic).

For now, it's just supposed to be a "I've got a TCP/IP Ethernet Network; what do those numbers mean?" thing.

Why?

Well, I've tried many times to write a networking tutorial, and every time, I've done what every networking book does - start with the OSI 7-layer model, and then peel away the unnecessary layers, and keep up the excuses as to why this layer doesn't exist, and that layer is, well, sort-of this layer, and sort-of that layer, and so on.

So I had a go at doing away with that model, and just deal with the real world. Windows, Linux, Unix. TCP/IP over Ethernet. Never mind the theory. Just what you need to know to be able to say "Yes, I understand it".

When I put the shell tutorial out in 2000, I had a few years worth of emails correcting my typos, mistakes, errors, and other updates. Indeed, after a few years of silence, only today, I got an email pointing out that tee can mess up function calls (look for an update to the functions page soon).

I had to put this out to the public to keep myself honest. I could have kept an "I think this is right" version to myself until IPv6 became standard, but nobody would have benefited from that.

Hopefully what I have put out so far, should help someone, and those who need more will tell me so.

Call this "Class #1"

So... yes, it lacks many details for now, and probably always will lack in detail (I may do an in-detail version later, but this should always be accessible).

I don't intend that this should cover all networking features - Token Ring, PPPoA, PPPoE, all the rest of it, but maybe someday. For now, I'll be happy if it's a useful resource for the day-to-day sysadmin. The guy who has to keep machines running, and needs to run some /24, /25, /26 networks.

What I would really like to add, in time, is how to deal with running a (say) /26 network in terms of reverse-DNS, and sorting that out with your ISP. That was a "fun" thing for me. When you can deal with that, and doing it as part of the "public" internet, I reckon that you can deal with a lot of CIDR and internet routing.

That might be "Class #2".

There's more stuff in "Class #3", but I'm still learning it.

I don't know how many classes there are. IRL, it goes beyond Class #5, but that's my limit.

Class #1 is what most people need to know. It's not an easy step, but once you've got it, it seems obvious.

So ...... bring on all the "Steve - you said this was the easy stuff, but you got this totally wrong!"
When those posts start slowing down, I might consider labelling it as 1.x. For the next few months, I expect many updates.

I'm not saying I'm daft (I am), but even this simplistic dealing with the subject is bound to be inherently flawed.
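As an added example to go with the "/24, /25, /26" remark and the reverse-DNS point above (not part of the original tutorial or post), here is a Python script that works the subnet arithmetic out by hand, the way the "first N bits are significant" explanation describes it, and then builds the in-addr.arpa names for a block smaller than a /24 using the RFC 2317 classless delegation convention. The prefixes 192.168.1.0/24 and 192.168.1.64/26 are assumed for illustration, and the "64/26" zone label is the RFC 2317 example style; the label an ISP actually delegates is their choice and has to be agreed with them.

```python
"""Subnet arithmetic for the /24, /25 and /26 networks the post talks about,
plus the reverse-DNS (in-addr.arpa) names for a block smaller than a /24.

Added example, not part of the original tutorial or post.  The prefixes
used below (192.168.1.0/24 and 192.168.1.64/26) are assumed for
illustration.  The RFC 2317 "classless" delegation convention is used for
the sub-/24 reverse zone; the label your ISP uses for the delegated zone
(here "64/26") is their choice and should be confirmed with them.
"""


def parse_ipv4(text):
    """Dotted quad -> 32-bit int.  Rejects anything that is not four octets 0-255."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {text!r}")
    value = 0
    for p in parts:
        n = int(p)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {p}")
        value = (value << 8) | n
    return value


def format_ipv4(value):
    """32-bit int -> dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr):
    """Work a prefix out by hand: the first `prefix` bits are significant
    (the network), the remaining 32-prefix bits vary (the hosts)."""
    addr_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    addr = parse_ipv4(addr_text)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = addr & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    total = 1 << (32 - prefix)
    # /31 and /32 have no separate network/broadcast addresses (RFC 3021).
    usable = total - 2 if prefix <= 30 else total
    return {
        "network": format_ipv4(network),
        "netmask": format_ipv4(mask),
        "broadcast": format_ipv4(broadcast),
        "first_host": format_ipv4(network + 1 if prefix <= 30 else network),
        "last_host": format_ipv4(broadcast - 1 if prefix <= 30 else broadcast),
        "total": total,
        "usable": usable,
    }


def ptr_name(ip_text):
    """Reverse-DNS owner name for one address: octets reversed under in-addr.arpa."""
    return ".".join(reversed(ip_text.split("."))) + ".in-addr.arpa."


def rfc2317_delegation(cidr):
    """For a block smaller than a /24, the ISP (who owns the /24 reverse zone)
    keeps the real PTR names and CNAMEs each one into a zone named after the
    block, which it delegates to the customer.  Returns (delegated_zone,
    [(ptr_name, cname_target), ...]) covering the block's addresses."""
    info = subnet_info(cidr)
    prefix = int(cidr.split("/")[1])
    if prefix <= 24:
        raise ValueError("RFC 2317 delegation is only needed for blocks smaller than a /24")
    o1, o2, o3, first = (int(x) for x in info["network"].split("."))
    zone = f"{first}/{prefix}.{o3}.{o2}.{o1}.in-addr.arpa."
    records = []
    for host in range(first, first + info["total"]):
        ptr = f"{host}.{o3}.{o2}.{o1}.in-addr.arpa."
        records.append((ptr, f"{host}.{zone}"))
    return zone, records


if __name__ == "__main__":
    for cidr in ("192.168.1.0/24", "192.168.1.0/25", "192.168.1.64/26"):
        print(cidr, subnet_info(cidr))
    zone, records = rfc2317_delegation("192.168.1.64/26")
    print("ISP delegates", zone, "to the customer's nameservers; ISP-side CNAMEs:")
    for ptr, target in records[:3]:
        print(f"  {ptr} CNAME {target}")
```

The customer then serves PTR records inside the delegated zone (64/26.1.168.192.in-addr.arpa.) for its own hosts; a lookup for 192.168.1.65 follows the ISP's CNAME into that zone, so the customer controls the answers without the ISP having to edit its /24 zone for every host.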


Fri 10th Nov 2006 @ 23:07 2006: Libertarians - woolly wishy-washies?

The "libertarian" tag is easily applied to those who object to ID cards, biometric passports, or even Nectar cards. Guy Kewney has written an (IMHO) excellent article on The Register about why the "I have nothing to hide" approach gets you nowhere; it's no different from Niemöller's poem:


When they came for the communists, I was silent, because I was not a communist;
When they came for the socialists, I was silent, because I was not a socialist;
When they came for the trade unionists, I did not protest, because I was not a trade unionist;
When they came for the Jews, I did not protest, because I was not a Jew;
When they came for me, there was no one left to protest on my behalf.
- Martin Niemöller (1892-1984)

As Kewney points out, the smallest detail, against which we would never think to legislate, can (apparently) point to suspicious behaviour. In reality, it can just as easily point to perfectly legitimate behaviour.

All dogs have four legs. My cat has four legs. Therefore my cat is a dog.

Kewney's article has similar examples from Sainsbury's experience. Sometimes the traits (stopping buying tampons) lead to a certain circumstance (starting buying baby clothes); in other circumstances (the menopause, just for one example) sending baby-clothes vouchers to the woman who has stopped buying tampons would be wholly inappropriate.

Making national security decisions based upon such inferences would be wholly inappropriate.


Mon 6th Nov 2006 @ 00:48 2006: UKTVgold

I was just watching Pulp Fiction on UK TV Gold (+1). It is, indeed, a most fine film.

Come Samuel L Jackson's final line:


But I'm trying, Ringo. I'm trying real hard.


You've got to have seen the film to get the significance, but it's pretty key to the whole film, and a damn' fine film it is, too.

The philistines at UK TV Gold add to the display, the message that they will follow this film with a (admittedly good, in its own right) sitcom. "Next: My Family". Do they really have to ruin the build-up of the entire film, as Jackson's character finds his epiphany?

Keeping punters is one thing; if UKTVGold maintain the idea that ruining the previous film's ending will entice me to watch the next 30-minute programme, they are sorely wrong.


Fri 3rd Nov 2006 @ 01:47 2006: Installing OSes

There is much debate going on lately, whether it's about Windows Vista, the state of Linux, the commercial UNIXes and their partitioning technology, about Operating Systems.

What is generally missed, is the end-user's install. Not the enterprise install, that's generally dealt with very well. The home user with cheap, nearly-working kit.

I'm trying to install FC6 onto a box with 128MB RAM (supported, according to RedHat), and it hangs with no error message.

I'm installing Solaris 10u2 (6/06) onto an Ultra10 (with about half the RAM, no memory problems), but if your CD is faulty twice, you have no choice but to abort the install and start again. Five CDs have to perform with no more than one fault per CD. With my aging CD-RWs, and some new CD-Rs on order, this is problematic at best.

I admit, I am being rather awkward here, in both cases. I'm pushing the cheapest edge, and asking for workarounds to my cheapo hardware decisions on the Solaris side, at least. On the FC6 side, I think I'm entitled to a working install, as I am not hiding behind the cheap hardware (oft-used CD-RW disks) excuse that is causing my Solaris install trouble, but just asking that if the install docs call for 128MB and I provide a 128MB machine, then it should (eventually) work.

It does bring another issue to light, though: the cheapo hobbyist user will form an impression of an OS based upon such assumptions, which have no relevance whatsoever in the corporate world. I think the cheapest box I could possibly order for work would have 2GB RAM... My problems with a 128MB install simply do not exist. Similarly, installing Solaris from 5 old CD-RW disks? You just don't do it; you configure a JET (JumpStart) server, with mirrored 10-15kRPM hard disks.

The gap between enterprise and home is only expanding, as far as I can see. The decreasing price of commodity hardware could not really mean anything else, but the knock-on effect that it can have on all sorts of larger businesses is yet to be seen. Do I see Solaris, FC, or RedHat as weaker because of my experiences? No, because I have seen them in their target environments too. Would someone else have the same balance? Not necessarily.

The best they can hope for is that hardened professionals outweigh the casual observers. Statistically, that is not likely to happen.


Fri 3rd Nov 2006 @ 01:23 2006: SCO yet again

The FUD from the SCO lawsuit raises its fuzzy head yet again...

http://www.theregister.co.uk/2006/11/03/microsoft_novell_suse_linux/
http://linux.slashdot.org/article.pl?sid=06/11/02/1957252
http://online.wsj.com/public/article/SB116249026689311557-helTbrheLKgbaJ5iO5z40ZFCiOs_20061109.html?mod=blogs

The common gist to these stories is that Novell and MSFT are doing some kind of deal that MS will push customers who want Linux towards SuSE, away from RedHat, if they can't secure a Windows deal.

The suggestion is that, with Novell being a previous owner of the UNIX ™ license, SuSE should be clear of the SCO lawsuit. That's not a claim that I have heard aired before with any credibility, and (if we take the assumption that the SCO claim has any basis at all) seems unlikely to matter, at best.

In Summary:
A DEAL HAS BEEN DONE.
A DEAL HAS BEEN REPORTED.
There seems to be very little correlation between these two facts. We shall have to wait and see.


Fri 3rd Nov 2006 @ 00:27 2006: IE7 Takeup

After Microsoft's push of IE7 via Windows Update, 5% of today's Internet Explorer visitors to this site have been using IE7. That's about 2.5% of the site's total visitors, since it's 45% IE, 45% Firefox here.

5% after one day seems like a huge increase... Firefox 2.0 has 25% of the Firefox share, with v1.5 retaining about 45% of that. Maybe that's because it is not forced... I've got 1.5.0.7 and 2.0 installed, and am staying with 1.5 for now, thanks.

Still, I really ought to test with IE7.




© Steve Parker 2000 - 2010 unless otherwise noted.