Friday, 16 February 2018

Hungary wants money

I got an email from the tax office in Hungary. They are saying that although I declared my VAT owing to them on Q1 2017 as 9.65 euros, I haven't paid them.

I have, of course, via the HMRC MOSS system, which lets me pay my VAT to all the EU countries as soon as I've calculated how much is should be. I pay it all in one lump, for all 27 EU countries (UK vat is paid in a different way) to HMRC, and they are supposed to take it from there.

This is annoying. I'm also being chased by the Italian tax office; they claim that in 2015 Q1, I paid the VAT three months late. Again, I didn't. I paid via HMRC's Vat Moss. So, three years later ...

Although I do believe that staying in the EU would be best for the country, these erroneous demands for small amounts of money are starting to annoy me. Just think, from 1 March 2019, I won't have to pay VAT to EU members. Or will I? No-one knows what will happen.

Another scammer

This one is with BT, at least that's what he claimed. Apparently, my IP address is being used in California. Oh no! So ...

First, he established that I have a computer. But I dn't know what browser I'm using. He suggested a few, but dopey me, I just don't know. So then he told me to find the Ctrl key. "Hold on," I said.

After a few minutes, I cme back. And then he wanted to know what key was next to it. He's looking for the Windows key, which my beautiful IBM Model S, vintage 1983, does not have. But I lied to him, and said, after a few minutes pause, "there's a sort of squarey squidgy thing".

At that point, he realised that the computer wasn't next to the phone. So he suggested I move the phone. No can do, there isn't a phone point where the computer is. So do I have a mobile? No.

So I suggested that I move the computer to where the phone is. Fun fun fun.

So then I left him waiting for five minutes, while I "moved the coputer". He called again, and I told him that he just interrupted me moving the computer because I went to answer the phone. "Do you do internet banking," he asked. I told him I did, just to get him excited.

Because I'm pretty sure I know this scam. He wants me to install a RAT (remote access tool) so he can take over my computer, install his trojan, and then charge me money to remove it, which he won't do anyhow. I've been here before.

So now I've moved the computer, but I haven't moved the screen yet. We had a lottle chat about that. These CRT screens are *heavy* and it takes a long time to move them, especially for an old geezer like me. Puff puff. And the keyboard.

And when it's moved, I have another disappointment for him ...

He wanted me to connect to, which, I guess, he wants me to think is a BT site. I checked the whois, it's a Czech company. I've emailed them to alert them to the problem.

The internet connection is back where the computer used to be.

So he told me to take the computer back there. But that was after a riff that I dn't really understand, when he was asking me to look at the bottom left hand corner of the screen which is where the time is? Only it isn't. Maybe his version of windows is different from mine.

So now I'm "taking the computer back again" ...

So now, as if by magic, I'm able to sit in front of the computer and use the phone. So he talked me through starting up a run box (Windows-R) and

And the computer rebooted.

So he took me through the same process again

And the computer rebooted again.

So he took me through the same process again

And the computer rebooted again.

 So he passed me over to his manager, Mark Roger. Who got me to run Google, and do a search on "my 1p address" (not my ip address!).
IP Address66.249.79.92 [Hide this IP with VPN]
IP LocationMountain View, California (US) [Details]    

OMG! He's right! Time to panic ... (actually, it's a googlebot).

So he sent me to And the computer rebooted.

He told me that this is caused by the "hackers" locking me out from the british-telecom web site. 

He thought that maybe it is a loose power cable. So he got me to unplug and plug it back in.
And I was a bit clever here; I unplugged both ends of the cable and plugged it back in. Not excessively clever, though - I didn't switch it back on until he told me to.

So then it rebooted, and Windows came back up, and I told him that, abd he said "yes yes" and then the phone line went dead.

Am I rumbled?

Thursday, 15 February 2018

Going SSL, part 2

The two sites I upgraded seem to have gone well, so I did all the others. That turned out to be more complicated, because some of them are spread over more than one computer, and some of them have subdomains.

And then I decided to upgrade one of the computers, which was running Fedora 9, to the current Fedora 27. And that included upgrading the version of perl, and the newer version of perl has things that are no longer allowed, such as defined %array. So I had to change that.

Also, if a page includes something dragged ni from another site, then if that other site isn't using https, then the whole page shows up as "insecure".

So I've fixed that where I can, but in some places, it actually can't be fixed. That's usually a page that references a graphic from another site

Saturday, 10 February 2018

Going SSL

Chrome have announced that, come  July 2018, which is only six months away, if the browser accesses a site using http instead of https, it will be flagged as "Not secure".

For most sites, it really doesn't matter much if a site is secure or not. After all, we've been just fine using http for decades now, and only insisted on https when using Paypal or your bank, that sort of thing.

What https gives you, is end-to-end encryption. So the content coming from the remote server to your computer, is encrypted before it leaves the server, and only decrypted when it reaches your computer. So the picture of a kitten that you're viewing, is safe from prying eyes in between.

There are obvious advantages in increasing internet security. Firefox are moving in this direction too. But this is going to have a big impact on some sites, because if you don't move from http to https, that "Not secure" flag in the browser URL bar, is going to worry some (maybe most) users, who won't really know the implications, except that "Not secure" sounds really bad.

So I've started to get ready for this.

First, I've recompiled and reinstalled Apache so that it includes support for https. But then, each site that I manage will need a certificate. That certificate will tell Apache how to do the encryption.

Usually, these certs aren't cheap - you might pay $50 per year, per site. But there's a way round it. Let's Encrypt offer free certs. These aren't as flexible as the certs that you pay for - my paid-for cert on my Secure Server (the one I use to collect money from people) not only drives the encryption, it also reassures the user that I am who I say I am (if they know how to look at the cert, and I doubt if anyone ever does).

So, last November, after I installed the https version of Apache, I applied for a few dozen certs. It was a bit tedious setting this up, but I soon had it pretty much sorted, and that gave me all the certs I need, for free. They only last three months, but updating them is also free, and it's a lot easier to update them that to get them in the first place. You do

getssl -a

And it takes a while, but after several minutes, I was all updated.

Next, I needed to change the Apache config files, to tell it two things. First, where the certs were. Second, that I wanted it to use port 443 (that's the https port) as well as 80. And thirdly, I told it that if any user asked for an http connection, then it should switch to an https connection. That means I won't have to change a humungous number of links, both on my web sites, and scattered all over the internet. To do this, I used redirect.

Redirect permanent /

This redirect is so permanent, that Firefox, once it's seen it, remembers it, like, forever (there is a way to clear Firefox's memory of that). That caused me immense problems, because I hadn't known this, and my first effort was slightly wrong, and when I fixed the mistake, Firefox was still going to the wrong place, and I spent a lot of anguish and elbow grease trying various things to fix a problem that I had already fixed, dammit, except that Firefox carried on redireccting to the wrong place, until I cleared it's mistaken redirect.

So, I've changed two web sites over to being all https. I'll wait and see if there's any unpleasant side effects, but I don't think there will be, and I'll change everything else to https.

If you have a web site, you should also change over before July 2018.

Tuesday, 6 February 2018

Gold scam

Dear Sir/Madam

We are village local gold miners located here in Mali in West
Africa we hereby make this offer of au metal gold dust under the penalty
of perjury with full responsibility. the purity bellow.

The purity bellow.
1. Product:Au metal (gold dust)
2. Origin:mali,west africa
3. Type: alluvial
4. Purity:92.7% or better
5. Carats:22+
6.Pirce $26,500 USD

We are searching for a serious gold buyer,whom we can establish a long
term business with,to enable us discuss the procedures of delivery and
payments,you know that the local minners has not being to school in this
case they don't understand the baking procedures about gold,now is you
or your mandate will explain to us how you will want the business to be. i
want you and your company to be my AGENT.

Best regards.
Mr Mohammed Alpha