Wednesday 30 December 2015

Center Parcs Wifi

So here I am at Center Parc, blogging via their wifi.

Unlike the Eurodisney wifi, it's a good one. I just fired up my browser, their system welcomed me, and then got out of the way. I can use http and ssh, which is all I need.

Unlike Eurodisney.

When we went to Eurodisney, they decided to censor their guests, so I couldn't reach the servers I needed to log into. I complained, to no avail, so I worked out a workaround.

Disney censors on the basis of domain names. So I set up a domain name on my hosts file, with the translation to the IP address I needed. The Disney censor let that through - what a puny censor. A proper censor would also censor on the basis of IP addresses. It's easy to do that if you're already censoring via domain name.

It reminded me of the time I tested censoring software for PCs. I installed it, and tried to use my computer as normal. But when I needed to buy some nuts and bolts, I went to my usual supplier for such things, and the censoring software blocked access. My usual supplier is "Screwfix". The software decided, on the basis of the word "screw" that it must be a porn site.

So, back to Center Parcs. We just competed in a "pub quiz". 90% of the questions were either sport or popular culture, and if the answer isn't 1966 or Britney Spears, I'm lost.

But one of the rounds was called "Maths" and great things were expected of me, as two of my degrees are in maths, and the other two are maths-related. The reality was disappointing for four reasons.

The first disappointment was that the questions were simple arithmetic, such as you can do in your head in a couple of seconds.

The second disappointment was a puzzle where the setter hadn't heard of BEDMAS which made the apparent answer nonsensical. Fortunately, there was someone there who said he was a maths teacher and pointed out that it was nonsense. Unfortunately, I realised it was a BEDMAS failure and was able to work out the right answer.

The third disappointment was another BEDMAS failure. Again, the maths teacher pointed out the failure; again I was able to work out what the puzzle setter should have doe, and got the right answer.

The fourth, and worst disappointment was that the quizmaster decided to award ten points for that series to everyone, whether they got it right (as we did) or not (a everyone else did). And so defeat was snatched from the jaws of victory and we got a very pathetic average score.

Oh well. It's only a game.

Tuesday 29 December 2015

People are good

When I get off the bike and start looking for a cache, I often lay the bike down. That's because on many surfaces, using the kick stand leads to the bike falling over, which can cause damage, especially to the gps holder.

Sometimes, a car will come alongside, and ask if I'm OK. This is because my bike looks as if I've had an accident, and I'm standing around looking rather random, because I don't really want a car driver to see me looking for a cache.

I perceive this as part of the innate goodness of people. They really are concerned that I've come off the bike and might be injured. I get this from both men and women, old and young.

So I say to them something like "Thanks for asking, I'm fine, I'm just haveing a short rest" and they go on their way.

Monday 28 December 2015

Hartley Heart Attack, part 7

A big bite today! I did as many caches as I am years old, cruising around East Hatley.

No DNFs.

Saturday 26 December 2015

Christmas presents

Walking boots. Toothbrush. Gloves. Pliers. Side cutters. Hand warmers. Warm merino mid-shirt. 2016 Calendar Challenge. ASBO t-shirt.

And about 50 books!

Merry Christmas

Ate too much. Laughed a lot. Ate some more. Played Pie Face.


Thursday 24 December 2015

New alarm clock

My old travel alarm clock is analog, and although it keeps good tome, it's almost impossible to set the alarm time. So I thought I'd get a new one. My first stop was, of course, Ebay.

So I bought one of these.
It's £2.01; stuff is so cheap these days! I remember about 30 years ago, something like this would have been £100. 50 years ago, there was nothing like it; ther were only analog clocks. I find it hard to sleep with something ticking near my ear.

I avoided the usual Ebay switch-selling ploy. There's a lot of alarm clocks on Ebay that apparently cost 99p, but when you look, the 99p is for a clock with no alarm, and the alarm version costs £4.31. I really dn't like this switch-seling game, and avoid buying from people who use it.

Wednesday 23 December 2015

Hartley Heart Attack, part 6

I haven't been out for a while; I've been off with a pain in my heel, and I didn't want to make things worse by walking on it. But the pain seems to have gone. On the other hand, my left wrist is still weak. Fortunately, I didn't need to do any bike lifts today.

I did another small bite of this great series, followed by a circuit of nearby caches.

At one point, I had a big problem. I was going down a bridleway with thick hedging and woods on either side, and I came to a point where the way was totally blocked by a treefall.

I went back a few yards, and was able to force my way out to the field on the left, and I progressed along there until I rejoined the end of the bridleway.

39 caches done today, 2 DNFs and three caches that deserved a favourite point.

Tuesday 22 December 2015

British Gas - A/c No. 602131633 - New Account

It isn't from British Gas, of course. Or from Topsource.

From: trinity <>
Subject: British Gas - A/c No. 602131633 - New Account
Hi ,

Please refer to the attached invoice from British Gas, the account number on it is different
from all the account numbers that we currently have in the system. Can you confirm if this is a
new account so that we will create this in system.

Thanks & Regards,

Pallavi Parvatkar

Trinity Restaurants Accounts Team | TopSource Global Solutions | 020 3002 6203
4th Floor | Marlborough House | 10 Earlham Street | London WC2H 9LN |

And why would a British Gas invoice come from Trinity Restaurants Accounts Team?

SHA256:    4fd0c87920c10568e2f39b3a62c6a61956beb6c638531a651a7a94a551ced259

Jotti - 3 out of 21 flagged it; Ikarus, Kaspersky and Quick Heal.
Metascan - 2 out of 43; Baidu and Kaspersky
Virustotal - 3 out of 54; Fortinet, GData and Ikarus

Virustotal first saw it 2 hours ago. And that's why antivirus products don't flag the files that are sent via email.

Monday 21 December 2015

Two steps to better security

It's Christmas and I've just read my third "Twelve steps to better computer security" article. The authors are optimists. People don't care enough about computer security to take twelve steps - you'll be lucky if you can get them to take one. I'm going to be optimistic, and give you two.

1) Take backups. Your computer *will* fail; your hard drive *will* stop working; your phone *will* break. Did you think that hardware lasts for ever? You need a copy of everything important to you, in a different place.

2) Malicious software. I'd estimate that about 90% of the problem is incoming emails, 10% is web sites that want to take over your computer. I could tell you not to open attachments, but you won't listen. So change your settings in MS Word and Excel so that macros do not run. And install an ad blocker and a javascript blocker (I use uBlock Origin and NoScript)  in your browser.

Have a Merry Christmas!

The shortest day

From now, the days start getting longer, Hurrah!

Sunday 20 December 2015

Dead monitor

One of the LCD monitors that I use for a rolling display of time, temperature and server performance, died.

The Raspberry Pi suffered a kernel panic, and when I rebooted the Pi, there was no display. On investigation, it turned out that the monitor had died.

No biggie.

I remember buying a 12 inch CGA (320 by 200 pixels if you wanted four colours) for £400.
Today on Ebay, I bought a 17 inch 1280 by 1024 pixels, 16 million colours flat panel display for £18, including delivery.

 ... later ...

The monitor arrived. Although the title and description said that it had a DVI interface, it doesn't. I've emailed the vendor to see what can be done.

Saturday 19 December 2015

Father Zbigniew Kowalczyk's blunder

IIn a village in Italy, Father Zbigniew Kowalczyk explained to childeren the difference between Jesus Christ and Father Christmas. Somehow, the children got the idea that Father Christmas doesn't exist, and the parents are angry.

As well they might be.

Father Kowalczyk is wrong. There is no difference between Jesus Christ and Father Christmas. Both of them are imaginary friends based on the possible existence of real people; both of them know if you're naughty or nice, and both of them reward niceness and penalise naughtyness.

I think that telling children about Father Christmas is actually a good and important idea. It's right that very small children should believe and obey their parents - they won't survive if they don't. There are all sorts of ways you can get badly hurt in this world; cars, electricity and fire for example. But as children get older, it's even more important that they gradually learn to think for themselves, and there must come a day when they leave home, and cannot rely on their parents for all guidance.

At the time when children begin to suspect that Father Christmas isn't real, they come to realise that their parents aren't entirely straight with them about certain important things, and just as one invisible friend turns out to be fake, so do others. It's the beginning of thinking for yourself, and realising that not everything that adults tell you is true.

Thursday 17 December 2015

Double Your IQ With This Supplement

From: Doctor Oz Geniux <>
Subject: Double Your IQ With This Supplement

Forbes Called This Supplement Something That Can Make You "The Quickest Thinker On The Planet"

Discover Magazine's Senior Chief Editor checked this supplement and tested it for 4
Look at what he found.

Improve Your:
- Concentration by up to 300%
- Creative Thinking
- Energy
- Memory Recall
- IQ Scores by 77%


Just one capsule a day. What are you waiting for?

Unfortunately, I'm already too intelligent to believe this. Also, I'd have to widen all the doors to get my head through.

Heresy! Light the bonfire!

Wheaton College is a fundamentalist Christian college in America (where else?). They've just put Larycia Hawkins on "administrative leave". Why?

Most of the articles I've read about this, show the picture above, and say things like "after she wore a hijab". Which implies that wearing the hijab was the cause. But it wasn't.

Here's what she said. “as Pope Francis stated last week, [Christians and Muslims] worship the same God.”

This, to a fundamentalist christian, is anathema. Heresy. She's lucky they aren't burning her - they stopped doing that quite a while back.

 A) Fundamentalist Christians do not believe that Allah and Jehovah are the same. Saying that they are, is heresy. Wheaton's dogma is that Jesus is god, and since Jesus isn't Allah, she's contradicting their dogma.

B) Possibly worse, is citing the Pope as a faith leader. Not to protestants, he isn't.

By the way, a worse thing she did, in my opinion, was to ask the Council on American-Islamic Relations whether non-Muslims wearing the hijab is forbidden. If I want to wear a scarf on my head, I will do so without consulting any faith group, and I will do it even if there's a faith group that regards it as forbidden. The rules for your faith, do not apply to me.

I think that Larycia is in the wrong. If she wants to teach at a fundamentalist Christian college, she has to conform to their dogma, just as if you want to be a catholic priest, you have to accept transubstantiation (that's the thing where a biscuit and wine actually change to become human flesh and blood). If you don't accept the basic doctrines, you can't be a priest, just as if you can't program in perl, you can't be a perl programmer.

I once met a chap who used to be a priest. He decided that it was all piffle (the way he put it, "I lost my faith") so he left and became a driving instructor. Good for him!

Larycia, you must recant, recant and abjure the devil and all his works. Then you can have your job back. And no mumbled  "Eppur si muove".

Or else go work for a proper college.

Bad grammar

Dear Customer,

During our usual security enhancement protocol, We observed multiple login attempt error while login in to your Amazon account .

We have believed that someone other than you is trying to access your account for security reasons,

We have temporarily suspend your account and your access to online Amazon and will be restricted if you fail to update

  Click here  

Appalling grammar. Don't let anyone tell you that it's a waste of time learning good grammar. If you ever get into the scam business, you'll need it.

By the way, the link leads to I didn't bother to go there.

Pi 2

I've been using a Raspberry Pi for email processing. I like using Pis for this sort of small job, they're low power and take up little space.

I have a computer that accesses all the different places that I get mail sent to - for example, I still have an AOL address! It's free, so there's no real point in cancelling it. The Pi uses fetchmail to pick up the email from these various places (using IMAP). Then it runs all the email through the spam filter I wrote (described elsewhere in this blog). Finally it sorts it into alphabetical order (I find that a lot more convenient than date order) and then I use alpine (a clone of pine) to read it. I use pine because it isn't accessed via a browser. It just shows me the text. This means that A) any malicious stuff that a browser would respond to, just doesn't happen, and B) the little invisible things that tell the sender that the email has been opened by a browser, don't work.

But sometimes I get such a flood of email that the Pi has trouble keeping up. That would happen if, for example, something goes horribly wrong with my comms, and I start getting 20 alerts per minute telling me that my servers can't be contacted.

Also, some emails need a lot of processing; for example when there's a lot of attachments (and sometimes I do want to look at attachments).

So I've replaced the Pi with a Pi 2, with twice as much memory and (according to what I've read) six times the processing speed.

It would have been nice to just take out the SD card from the Pi and put it in the Pi 2, but the Pi uses a full size SD card, and the Pi 2 uses a teeny tiny SD card. So I had to load the new card up with all the necessary processing software, which wasn't too bad.

apt-get --assume-yes install sendmail
apt-get --assume-yes install dcfldd
apt-get --assume-yes install rdate
apt-get --assume-yes install vsftpd
apt-get --assume-yes install samba
apt-get --assume-yes install samba-common-bin
apt-get --assume-yes install rsync
apt-get --assume-yes install espeak
apt-get --assume-yes install sox
apt-get --assume-yes install alpine
apt-get --assume-yes install fetchmail
apt-get --assume-yes install nfs-kernel-server nfs-common rpcbind
apt-get --assume-yes install apache2  
apt-get --assume-yes install bind9  bind9utils dnsutils
apt-get --assume-yes install dnsmasq
apt-get --assume-yes install lighttpd

And then LockFile-Simple-0.208.tar.gz  Mail-Procmail-1.08.tar.gz  MailTools-2.12.tar.gz

Also perl5/URI, perl5/Lingua, lame and mary (for text-to-speech)

It's all working fine.

Another malware

Date: Thu, 17 Dec 2015 16:40:00 +0800
From: Leona Shields <>
Subject: 12/16 A Invoice

Please find attached a recharge invoice for your broadband.

Many thanks,
Leona Shields

The from-name and from-email address is different each time.
 SHA256: a93233dea9b85c139562ee6ccfcbfe787105e721e6a1f1961e4c031d211a9b99 File name: invoice18216191.doc

This says that it's a doc file, but actually it's a mime-encoded mso (Microsoft office) file.

Virus Total: 52 products pass it as clean
Payload security: Thinks it's a text file, won't scan it.
Metascan: Preventon flags it, 41 products pass it as clean
Jotti: Flagged by Kaspersky, Sophos and Quick Heal,  18 products pass it as clean

 Virus Total first saw it 20 minutes ago.

The reason so many products pass it as clean will be partly because it's only arrived so recently, and partly because of the cunning mime-encoding. I'm guessing that Windows Word will automatically decode and load it (if it didn't, there would be no point in emailing it out.)

Update a few minutes later ...

VirusTotal says that Sophos flags it as CXmail/OleDl-A

Wednesday 16 December 2015

Slight nose bleed

It's ages since I've had a nose bleed. I don't know if I'm particularly prone to this, because I don't know how often other people get this. It was only a few drops, and I caught it on a tissue. Wow, it's so red! A lovely colour.

But not something I want to see.

The non-arrival of the boots

I ordered a pair of boots from Amazon. Or rather, it was from a vendor selling via Amazon. I ordered on the 20th November, they should have arrived by December 1, but they didn't. I gave them a couple more weeks, then contacted the vendor, explaining the problem.

They said that it had got lost in transit, and sent me a form to fill in and sign, so I printed it out, filled it in, signed it and emailed it back, asking for a replacement.

We'll see what happens next. Fortunately, I'm not in a hurry for these, they're to replace my spare boots which have developed a small fault.

 ... later ...

The boots had arrived, and I'd forgotten. So I've emailed the vendor to tell them not to send a another pair.

... later ...

Urghhh! Amazon have just emailed me to tell me they've given me a refund. I didn't ask for a refund. My whole correspondence has been with the boots supplier, and they already emailed me to say that they were pleased that the boots have arrived. So I've emailed the seller to try to sort this out. I have the boots, I don't want the seller to be without payment!

Vatican souvenir shops caught selling fake papal blessings

You have to love this. Some naughty moneymakers have been selling fake papal blessings.

It's appalling. Shops selling medicine promising that god will cure your cancer, dishcloths with an image of the virgin Mary (taken from an actual photograph, I suppose), and, worst of all, fake blessings.

Don't they realise that fake blessings are less powerful than real blessings? Fake indulgencies that claim that they'll reduce your time in purgatory, won't actually have that effect - and may even *increase* your time in purgatory?

Real blessings cost from $10 to $25, and they really have been blessed by the pope, making them really really holy, and ...

No, I can't do this any more, I'm laughing too hard.


I'll bless you, it's free. Just post a comment to this blog. And you get a cast iron guarantee that you won't have to spend any time at all in purgatory.

Left wrist, right heel

My left wrist is getting better and better, although it's still not up to lifting heavy weights, such as a bicycle, as I discovered last week when I went out caching.

On the other hand, my right heel has deteriorated considerably; so much so that I've decided not to go out caching tomorrow.

Tuesday 15 December 2015

More PCIDSS fun

It was time for my quarterly security check for the PCI DSS. So I set up the scan.

Several hours later (it usually takes under an hour) the result came back: FAIL!

Urghh. This means work for me. The problem was the version of OpenSSL that I was using, it was 1.0.2.d and a recently discovered vulnerability meant that I should be using 1.0.2.e

This keeps happening. Pretty much every time I do my quarterly scan, another vulnerability has been found in OpenSSL, and I have to get the most recent version, download it, compile it, rebuild my copy of Apache (the web server) and reinstall it.

It passed the retest, hurrah!

Now think of this.

1. 80% of companies are not PCI DSS compliant. Of those that are, each time a new OpenSSL vulnerability is discovered, there's a window during which most web sites using OpenSSL are vulnerable.

2. Why are there so many holes in OpenSSL, a program that is key to the security of a truly vast number of web sites?

3. When I interrogate Paypal and look at the header, the first think I see is "X-Recruiting: "If you are reading this, maybe you should be working at PayPal instead! Check out" which is really funny! I also see this: "Server: Apache".

4. When I look at my server, I see: "Server: Apache/2.4.16 (Unix) OpenSSL/1.0.2e". Maybe I should tighten that up and be more like Paypal? Is there any good reason why I should let the world know what version of Apache and OpenSSL I'm using? So I edited the Apache config file, and added "ServerTokens ProductOnly", and now my server responds with "Server: Apache".

And now I'm retesting the server, to be sure that the PCI DSS tester is OK with that.

There's another open source SSL implementation, LibreSSL, but it's only been around for a year or so, I think I'll wait and see.

And, by the way, governments are asking for there to be backdoors in encryption systems.

I boggle.

Monday 14 December 2015

The Gtech ebike

I've seen the advert for this before, but today, ladysolly drew it to my attention.

"Would you like one of these?"


And I read the advertisement. It's reduced from £1695 to £995, but even at that lower price it doesn't look like a good buy.

I checked their web site. It's a bit short of technical details.

It doesn't tell me how powerful the motor is. 250 watts is the standard, but it might be 200, or even less, there's no way to tell.

It doesn't tell you the capacity of the battery. The standard is 10 amp-hours, but it could be less, there's no way to tell. It says it's a "powerful 36v battery", but that tells you nothing about the capacity.

There's no gears. Hilariously, this is presented as an advantage! "There are no confusing gears to worry about." I don't find gears "confusing", but I do find that they help a lot in going up hills.

There's no chain, instead it uses a belt, which it calls "a clean carbon belt drive" by which I'm guessing it means a carbon-fire reinforced synthetic rubber belt. This is also presented as an advantage "there is no oily chain". I don't see that as much of an advantage, if any.

There's no suspension, front or rear. There's no rear carrier rack.

There's no mudguards. If you use this bike on a wet road, you're going to get mud spattered on your back and thrown up into your face.

But the worst feature is surely the price of £995. I just went on Ebay; you can get a new electric bike for £459 with 6 gears, front suspension, mudguards, rear carrier rack, 36V 9AH battery driving a 250 watt motor.

Or a new folder for £474 with 7 gears, front and rear suspension, no mudguards, front and rear disc brakes, 36V 10AH battery driving a 250 watt motor.

Ebay is a great place to buy stuff. If you buy something that's advertised in the newspapers, guess who is paying for that advert.

Sunday 13 December 2015

Education, form 5G

 So I was 14 at the start of the school year (1963-4).

The big thing about the fifth form, was O levels at the end of the school year. I had done the easy ones last year, so this year I had Technical Drawing, Latin, Geography, History and Additional Maths. Technical Drawing would be a doddle, I knew, which was the only reason I did it. 50% of the marks would be for geometry, which is maths, and I'd probably pass on those alone, with extra marks for drawing plans and elevations. I think I got an A. I got an A for Additional Maths, of course. Latin wouldn't be so easy, but I worked hard on that and managed to get a C. Geography was another C, but History was an H. H for Horrible. It was the lowest grade possible, and it didn't surprise me at all. I just could not understand what it was all about.

During the year, we did lots more calculus, both differential and integral, and I lapped it up. I also did stuff not on the syllabus - matrices and quaternions, for example, just because I enjoyed it so much.

In chemistry, we did analysis, which was great fun. You were given a small amount of "something", and by doing various tests, you had to work out what was in that "something". This also let us practice the skills of titration, weighing, filtration, solution and so on. Of course, I was already doing all that in my home chemistry lab.

In physics we did sound, pendulums, lenses and heat transfer. I learned to write up an experiment, which unfortunately reinforced the rather stultified writing style that I'd learned in English classes. In my view, at school I wasn't taught how to write, I was taught how not to write. It was a decade or two later that I learned how to write. But in physics, we were told to use the passive voice, to use long latinate words in convoluted sentences and to generally write in a very obfuscated way.

It was that year that I saw my first digital computer. It was a Pegasus, all valves, and I remember seeing it, but we weren't allowe to actually do anything. I felt a strong tug, though. That looks like fun! At that point, though, I didn't know it was to be my destiny.

In electronics, I added a couple of transistors to my crystal radio, which meant that I could play the output through one of the speakers that I'd salvaged from a dumped TV. I also made a multivibrator circuit, which I developed into a musical instrument that I could play by using my grip on a wire to change the resistance and hence the frequency.

And I got my first job. A cousin of mine told me about it. I applied to Zetters, the football pools company, for a job. I worked Saturday evening and Sunday, and it paid really well, I think I got £2 18 shillings for the Saturday, and even more for the Sunday. The work was pretty tedious, but not long after I started, I took their exams to move up from grade 4 to grade 3, which meant more interesting work (and a pay rise). Eventually, I passed the grade 1 exam (I remember I scored 100% on it), which tested my knowledge of permutations and combinations, which is maths, of course, and therefore not difficult for me. As a grade 1, I got the most interesting (i.e., difficult) work to do.

At school, we were in the remainder of the fire-damaged school, plus some prefabs that they put up in front of it. The effect of this was that things were pretty normal, as far as education was concerned. All the labs were intact, fortunately. And the gym, unfortunately.

Grocers was an all-boys school, and during this year, I turned 15. Girls were no longer a species to be avoided, but an interesting mystery that needed to be investigated. So I joined Habonim. This is a Socialist Zionist Jewish youth movement, but I didn't care about the politics. We learned Israeli songs and dances, played various games, did night walks and received a smattering of indoctrination, and suddenly, without my realising it at the time, history came into focus. When history was about the Tudors and the Stuarts, I couldn't see the point, but when I learned about the Holocaust, is seemed a lot more relevant. I didn't learn much about girls.

The objective of Habonim is Aliyah, emigration to Israel. I went to Israel Camp a couple of years later, and I greatly enjoyed six weeks touring around the country in the back of a truck, plus a couple of weeks spreading manure on a farm, but by then, I knew that I didn't want to be a farmer. Plus, I didn't like the heat, and I'm rubbish at learning languages (my poor efforts at French and Latin taught me that).

At the end of the year, we had to choose what we'd study in the 6th form. The choices were: maths, biology, economics and arts. In my view, biology was just messy and led to medicine, arts were for people who couldn't even do biology, and economics were for the complete failures. I, of course, chose to go into Sixth Maths Lower. I wanted to do maths, physics and chemistry, but they told me I could only do two out of those three, so I reluctantly dropped chemistry.

Friday 11 December 2015

The cost of PCI DSS non-compliance

I just got a letter from Worldpay (they used to be Natwest).

"we're removing the monthly additional PCI DSS service charge fee for customers who have been non-compliant for a period of 12 months or more".

So what is the incentive to jump through the hoops to become PCI DSS compliant?

As of 2014, 80% of companies fail their PCI DSS compliance. And that's a *minimum* standard.

In the last 10 years, not a single payment card breach was with a company that is compliant. That's mostly because as recently as 2012, 92.5% of companies were non-compliant.

I've been compliant since 2008. I assumed, back then, that everyone would be compliant within a year or so. I was wrong. I'm *still* in a minority.

The users don't care, the companies taking credit cards don't care, the banks that accept these billings don't care and even Visa and Mastercard don't care. The credit card system is insecure because there's no-one who has an incentive to make it secure.

And my letter from Worldpay just made that worse.

Black cab blunder, part 3

On 11 October, I was taking on a very roundabout route by a licenced black cab. I complained about it to Transport for London, and TfL has replied. The driver has apologised, and sent a £20 postal order in compensation.

Yesterday, ladysolly was in London, it was raining, her hip hurts, and she couldn't find a black cab - that's often the case, because when it rains, demand shoots up.

We're signing up for Uber.

Thursday 10 December 2015

Emailed malware

In the last few weeks, I've discussed the problem of emailed malware, and how antivirus software fails to deal with it. But how common is it to receive emailed malware?

I collected them over the last couple of days. Here's the list:

      1 Yesterday Beatrice Day                    (8K) Your order #00520531 - Corresponding Invoice #0DD18F61      
      2 Yesterday Fred Chapman                    (8K) Your order #06969392 - Corresponding Invoice #7D22CECB      
      3 Yesterday Patricia Nielsen                (8K) Your order #23564758 - Corresponding Invoice #9ECC81F9      
      4 Yesterday Raleigh Ramirez                 (8K) Your order #17927188 - Corresponding Invoice #15090A24      
      5 Yesterday August Buck                     (8K) Your order #11281247 - Corresponding Invoice #B15570B7      
      6 Yesterday Lucile Patrick                  (8K) Your order #36670299 - Corresponding Invoice #D720B32F      
      7 Yesterday Philip Cross                    (8K) Your order #52273081 - Corresponding Invoice #14812231      
      8 Yesterday Ken Stokes                      (8K) Your order #84419925 - Corresponding Invoice #8A627398      
      9 Tomorrow  Coreen Landsberg                (4K) RE:Gavel_Billing Statement 1531                             
     10 Tuesday   E-ZPass Manager                 (6K) Indebtedness for driving on toll road #000751095            
     11 Tuesday   Christina Fields                (6K) Invoice #06117501                                           
     12 Yesterday Felecia Crane                   (8K) Invoice #06187586 from DataCorp Inc.                        
     13 Yesterday Lessie Hatfield                 (8K) Invoice #06397785 from DataCorp Inc.                        
     14 Tuesday   Malinda Bass                    (6K) Invoice #39613387                                           
     15 Yesterday Gladys Whitfield                (6K) Invoice #42455721                                           
     16 Yesterday Tyrone Fisher                   (8K) Invoice #52469573 from DataCorp Inc.                        
     17 Yesterday Rudy Guthrie                    (8K) Invoice #55206934 from DataCorp Inc.                        
     18 Yesterday Earl Stout                      (8K) Invoice #61079463 from DataCorp Inc.                        
     19 Yesterday Murray Bowers                   (8K) Invoice #64591706 from DataCorp Inc.                        
     20 Tuesday   Gregg Booker                    (6K) Invoice #91133293                                           
     21 Tuesday   Juana Oconnor                   (6K) Invoice #93853550                                           
     22 Tuesday   Krystal Harding                 (6K) Invoice #CS-00261765                                        
     23 Tuesday   Millicent Pratt                 (6K) Invoice #CS-15139904                                        
     24 Tuesday   Lucy Bray                       (6K) Invoice #CS-25255384                                        
     25 Tuesday   Jaclyn Maddox                   (6K) Invoice #CS-40095963                                        
     26 Tuesday   Tia Baldwin                     (6K) Invoice #CS-49390463                                        
     27 Tuesday   Erna Craft                      (6K) Invoice #CS-99757019                                        
     28 Tomorrow  Cornelia Roshia                 (4K) Munsen_Statement 3828                                       
     29 18:01     Violet Raymond                  (6K) Payment Nr: 18568743/490056D0                               
     30 16:44     Mai Raymond                     (6K) Payment Nr: 31791500/0DD06850                               
     31 Tomorrow  Lindsey Clay                    (6K) Payment Nr: 50312964/F53EF071                               
     32 15:23     Wendy Woodward                  (6K) Payment Nr: 78514869/F7A71FD4                               
     33 22:32     Robbie Melendez                 (6K) Payment Nr: 90182720/C91F7FF0                               
     34 Tomorrow  Ola Avila                       (6K) Payment Nr: 92379516/036BA837                               
     35 20:48     Earnestine Barber              (11K) Payment Request, Ref. nr: 03412420/2015                     
     36 17:19     Briana Kennedy                 (11K) Payment Request, Ref. nr: 17542395/2015                     
     37 10:23     Effie Walters                  (11K) Payment Request, Ref. nr: 20612581/2015                     
     38 12:09     Saundra Vargas                 (11K) Payment Request, Ref. nr: 25227726/2015                     
     39 18:37     Ashley Bates                   (11K) Payment Request, Ref. nr: 74148612/2015                     
     40 16:00     Winifred Lang                  (11K) Payment Request, Ref. nr: 99939309/2015                     
     41 10:03     Hilda Sawyer                   (11K) Reference Number #05888572, Last Payment Notice             
     42 11:43     Ladonna Roach                  (11K) Reference Number #33676317, Last Payment Notice             
     43 11:51     Roy Cochran                    (11K) Reference Number #35689361, Last Payment Notice             
     44 11:57     Zack Monroe                    (11K) Reference Number #60252245, Last Payment Notice             

     45 11:15     Janet Mcdonald                 (11K) Reference Number #99478023, Last Payment Notice             

This is not a rare problem.

Iced bun

I had an iced bun for my tea today.

This is my favourite sort of bun, eaten while drinking a large mug of coffee. Ladysolly gave me one for when I was out caching yesterday, and she left another one for me today.

The tide turns?

The Archbishop of Canterbury has said that he believes the “tide is turning in this country” for the Church.

The tide is still going out.  The Church Times says so.

Bike maintenance, computer maintenance.

I've ordered a replacement for the pannier that fell apart, it should arrive in a few days.

Then I pumped up the tires - that turned out to be more difficult than I expected. I have three electric pumps. Two have their own battery (they are the kind of box that is a 12 volt battery with jump starter leads, plus a lamp, plus a tire pump), the third is stand-alone.

One of the ones with its own battery is broken - it just goes "Wheee" when I use the pump. The other one with its own battery didn't work, because the battery was discharged. That's worrying, because that's the one I carry in the car as an emergency starter and tire pump. So I put it on charge.

Then I plugged the one that doesn't have a battery, into the charged battery. The pressure when quickly up to 100psi, there was a bang, and it stopped working.


I have an old battery+pump. It's so old, the battery doesn't hold a charge. I dismantled it, took out the pump, and fitted it into the battery+pump with the non-working pump. And it worked! So I used that to pump up the bike tires.

I thought of buying a replacement pump-without-battery (£7 on Ebay), but then I thought, there's no point, I have two working pump-with-batteries. One is dated 2013, the other 2014. These tend to last about three years, so I'll buy another one in 2016 (about £35 on Ebay).

Next, the bike brakes. When I was out yesterday, I was finding that stopping was a bit iffy; I was having to put my feet down to help the brakes stop the bike, and that's not good! I checked the back brakes, they looked fine, but the front brakes were worn down, so I changed the pads. And I checked the rear carrier; all the bolts are tight. The rear carrier is really important for my bike, because that's what carries the batteries, repair kit and other equipment; there's about 25 pounds of kit there. It means that when I'm 10 miles from the car and I get a problem, I can fix it on the spot.

A quick squirt of oil in the chain and suspension spring (if you don't oil that, it makes an annoying squeaking noise as you bounce along), and the bike is now ready for my next trip out.

And now the computers. The computer hosting my malware cleaner stopped working. I nudged it, and it worked again for a short time. So I examined it more closely, and saw that the wire carring the power from my remote-control relay to the Raspberry Pi was cracked, so I soldered it and now that works fine.

The other computer with a problem was one of my secure servers. It was crashing. And when I rebooted it, it worked for a while, then crashed again. I opened it up, and noticed that the hard drive was too hot to touch, and I think that's a good test; if it's too hot to touch, then it's too hot. So I put it into a cooling bracket, so that an 80mm fan is constantly blowing air over it. That keeps it nice and cool, and it hasn't crashed since.

Wednesday 9 December 2015

Hartley Heart attack, part 5

Another slice of this great series. I did 51 caches today, including one I DNFed last time out, but I DNFed another one today. I found two more of the bonus codes, so now I have three out of (I think) six.

I had hoped to do an additional small loop of two dozen, but by the time I finished the 51, my back hurt too much to continue.

This series is going nicely.

A couple of problems while I was out. After the first few caches, my pannier split, so I went back to the car to get a spare. And then, about 2/3 of the way round, one of the bolts holding my rear carrier to the bike came loose and fell out. Fortunately, I carry a very comprehensive toolkit, including spare bolts! So I was able to replace it.

Tuesday 8 December 2015

American refugees

Here's a question - how many American refugees should we be willing to accept?

Two leading presidential candidates are Trump and Sanders.

Trump is a right-wing candidate who plans to turn America into a fortress, with walls to keep out Mexicans, and no entry for Muslims.

Sanders is a socialist, who plans to soak the rich, introduce a National Health system and level down incomes.

Either way, there's a bunch of Americans who will want to emigrate, and the UK is a likely desired destination, because Americans speak a similar language to English. But there's downsides to having too many Americans.

1) They'll want to bring their guns. So many Americans love their guns.
2) They'll push for theocracy. A lot of Americans think that their particular religion (usually one of the sects of Protestant Christianity) should be the law of the land.
3) When they discover that they can have their teeth done for free, they'll swamp our dental service.
4) They have approximately 365 mass shootings per year. That's not the British Way of having an argument.

We should start mid-Atlantic patrols, so that we can intercept boatloads of American migrants in rubber boats rowing across the Pond and send them back to New York. We need to set up internment camps, so that any that do reach our shores can be properly vetted before granting them possible refugee status.

So we should obviously place a limit on how many American refugees we should accept, and it's not too soon to start thinking about it.

Trump's trumpeting

Trump has declared that he wants to bar all Muslims from entering the USA. That includes US citizens. I'm not sure what his plans are for returning members of the military.

Lots of people are saying "How terrible" and "Sounds like Hitler". But what I'm saying is, "How?"

Let's suppose I decide to spend a couple of days in New York, where they have great food. Latkes (which someone told me is the same as hash browns, but ladysolly told me isn't, and she should know), salt beef (which they call corned beef, whereas in the UK corned beef is something completely different, so beware) and cheesecake (and here's another caveat; in the UK there's two sorts of cheesecake, the sort you get in New York, and another sort which is *completely* different and not very nice). But I'm getting digressed on the subject of food; let's get back to Trump. And let's suppose there's a "no-Muslim" policy in place.

Obviously, they could just ask me, "Are you a Muslim". And I'd say "No". But that's hardly proof, and it's what you'd expect a Bad Person to say. So how can I prove that I'm not a Muslim?

They could offer me a bacon sandwich, but I just love bacon sandwiches, so I'd happily eat it, although a religious jew wouldn't, thus proving ... nothing at all.

They could check for male genital mutilation, which I do have (at eight days old, I was too young to object), but I've read that a lot of Americans have this too.

All of these negative checks, aren't going to work. But what about a positive check? A positive check would be a proof that I was some non-Muslim religion - if I'm Christian or Jewish, I can't be Muslim, right? So how about a proof that I'm something else.

They could ask me for a recital of the Nicene Creed, which non-Christians are unlikely to know, but the problem is, I doubt if many Christians know it either. Nor do I.

They could ask me to recite the Shema, but I'd fail that, unless I was given time to learn it before the exam.

No - I just don't see how they'd do this. The hope is that by keeping out all Muslims, they would keep out nasty extremist terrorists; the difficulty is that a nasty extremist terrorist would pretend not to be a Muslim, and I can't see how you'd be able to tell the difference.

But there is one way.

Don't let *anyone* enter the USA, and if any US citizen leaves, don't let them back in.

That should do it.

Monday 7 December 2015


Yesterday was mixed.

It started out badly when my leased line went down at 2pm, and I spent the next five hours kicking Daisy to try to get some action. At 7pm, I had to leave because ...

At 8pm, we went to a Shiva. My wife's brother's wife's brother's wife's mother died, and for seven days, the mourners sit on low chairs, all mirrors in the house are covered up, and prayers are said at the house of mourning each day. And relatives visit to show sympathy and consolation. And, of course, eat.

So we drove to Bushey to the house of my wife's brother, and I was fed chocolate brownies until it was time to go. Then we went to the Shiva house, where I ate fish balls until it was time for the service.

The rabbi and I had the same hat; I call it my Rabbi Hat, and I wear it ironically. He wears his for real. Everyone else was wearing a yamulka. The women all went to the back of the room, the men at the front, and we spent what seemed to me to be a very long time reading the Shema, and Maariv followed by three times Kaddish, which is the mourners prayer.

Then ladysolly and I, her brother and his wife went on to a kosher restaurant. Ladysolly and I both had chicken soup with lockshen and kneidlach, which we both love. I followed that with salt beef, latkes and pickled cucumber, and finally my favourite dessert, New York cheesecake. I identify as atheist, yet gastronomically jewish. Ladysolly tried to buy some chopped liver to take away, but sadly the kitchen had closed.

We got home at 11pm, just in time to see the Openreach van with the driver checking the connections in the nearby green box, but that didn't fix my leased line; I called Daisy to tell them so.

I went to bed, but I got up at 3am, 5am and 10am to greet three more Openreach engineers, and the last one finally fixed the problem. So as you can see, I didn't get much sleep.

But anyway. Latkes. Even the thought of latkes cheers me up.

The Commission on Religion and Belief in Public Life

The Commission on Religion and Belief in Public Life has reported after two years of reflection, and it's a doozy!

- faith schools are "socially divisive"

Well, duh. That's the whole point of faith schools. Whoever thought that they were ever a good idea, should go visit Northern Ireland.

- cut the number of Church of England bishops in the Lords and give places to imams, rabbis and other non-other non-Christian clerics as well as evangelical pastors.

And to atheists.  Or, alternatively, why should clerics have a voice in our government?

- Thought of the Day on BBC Radio 4's Today programme should include non-religious messages.

Again, Duh. It's thought of the day, not prayer of the day. 

The coronation service for the next monarch should be overhauled to include other faiths

Good idea. I can hardly wait until a colander-wearing, pirate-costumed Pastafarian places the Sacred Spaghetti on the monarchs head, and anoints him with tomato ketchup.

The Church of England religionists are having conniptions at the thought that their establishmentarianist monopoly might be breached. But less than 20% of people in the UK say that they're Anglicans (in case you didn't know, Anglican is a synonym for Church of England. I think. Maybe there's subtle differences that I'm unaware of).

Half of the people in this country describe themselves as having no religion, and this proportion is growing. We need protection from the institutionalised religiosity, from the monopoly of House of Lords Anglican Bishops, and, most of all, an end to the divisive faith schools.

Openreach outage

At 14:20, my main comms line went down. And stayed down. 40 minutes later, I noticed and reported it to Daisy.

Nothing happened for a long time. I kept phoning Daisy to give them a prod, and eventually, at 11pm, (11 hours later) a van from Openreach was parked nearby, checking the green cabinet that my line goes through.

That didn't help, and I called Daisy again.

Openreach sent another engineer. He came here at 3am. He phoned, I woke up, and let him in.  So he started measuring voltages - he thought they were OK. Then he revealed that he wasn't the engineer for private circuits (which is what I have), didn't really know much about them and needed to call a colleague to talk him through what to do. He left without fixing the problem, and said that I needed another site visit from another engineer.

At 5am, the third engineer arrived. He first went to the exchange and swapped out a card, but that didn't help. Then he phoned, woke me up, and I let him in. He was confident that swapping out the BT equipment here would fix it - it didn't.So them he started measuring voltages, but he had an analog voltmeter, and it was clear to me that it wasn't accurate enough, so I offered him my digital voltmeter, and that revealed the problem. I was getting 116 volts on one line (it should be 120), but only 111 volts on the other, and 111 volts just wasn't quite enough.

We were losing five volts somewhere. Progess! So he went back to the exchange - maybe a fuse has eroded and that where the five volts is going? No, it wasn't.

At 10am, the fourth engineer arrived. He went up his ladder to the telephone pole outside my house, and saw the problem immediately. The screw terminal connection was corroded. So he snipped off the corroded copper, connected it with a compression-fit connector, and immediately my comms was working.

So I had an outage for 21 hours, because whoever fitted the line originally, thought that a screw terminal connection would be good enough.

I'm making an SLA claim for this.


74 years ago today was "a date which will live in infamy". The Japanese attacked Pearl Harbour.

Britain had been fighting the Nazis since September 1939, and a year had been facing the Nazi war machine alone - joined in June 1941 by the Russians, after the Nazis attacked them. 

On December 7, 1941, the Imperial Japanese Navy attacked Pearl Harbour without a declaration of war. They achieved total surprise, sank four battleships and damaged four more. 2403 Americans were killed.

And so America joined World War 2, declaring war against Japan. They would most likely have followed up by declaring war on Germany, although that would not have been obvious - there was no clear reason for doing so. Fortunately, Hitler made is easy by declaring war on the USA. So, two years after WW2 started, the USA joined in, making the outcome certain.

We all know the outcome of that. The Russians beat the Germans, the Americans beat the Japanese and the British beat Italy.

On November 13, 2015, Daesh attacked Paris, killing 130 people. As a result, France declared war on Daesh. France is our neighbour and our friend. France is our ally, via Nato, via the EC and via the UN. On 20 November, the UN Security Council passed a resolution calling for decisive action against the "unprecedented threat" of The Islamic State by "all means" necessary.

The UK has, of course, already been fighting Daesh - the Iraqi government asked for, and got, our help in its fight against them. We were already bombing Daesh, or at least, bombing those parts of Daesh that are in Iraq. A few days ago, the UK parliament voted to also bomb those parts of Daesh that are in Syria.

I think some people are worried that by bombing Daesh, we're going to annoy them, and maybe they'll try to commit terrorism outrages in the UK. It's a valid concern. But we were already bombing them. In Iraq. And you don't deal with murderous savages by offering them tea and cakes.

There is a risk to the home front because we're stepping up out attacks on Daesh. But giving in to a bully is a much bigger risk, because the bully is still there, and will just ask for more.

The Paris attack will be Daesh's "date which will live in infamy".

Sunday 6 December 2015

A surge of spam

About a thousand spams arrived in the last 12 hours. The subjects include:

90% off Discount Software
Achieve every girl's bed fast
Are you ready to become immense for girls?
Are you ready to please your wife at night?
Buy Cheap Software
Cheap Software
Discount Software
Do you want to please your partner every night?
OEM Software
The easiest way to gain more health
Vape-shop N1

And the ever-popular:


This is about ten times as many as I usually get.

Friday 4 December 2015

Hatley Heart Attack, part 4

Another bite at this great series. Today the weather was good, but the ground was muddy, and it was the clingy bike-blocking sort of mud. So it took more out of me than usual. However, by careful route-planning, I was able to avoid most - but not all - of it.

I still managed to get 51 caches, but there was one DNF. And I managed to get one of the letters for the bonus!

Thursday 3 December 2015

How to address the US shootings problem

Many politicians seem to think that prayer is the answer. If it is, then it hasn't worked so far, but this might just mean that we haven't prayed enough. Mark 11:24, "Therefore I say unto you, What things soever ye desire, when ye pray, believe that ye receive them, and ye shall have them." Many other religions believe in the power of prayer, but the fact that it hasn't worked so far, might be because we've never set up a major project to try it.

I have an idea.

One of the great characteristics of humans, is tool usage. My proposal, is to apply that to prayer.

The computer is the obvious tool to use. We make one file which is a list of gods; as more gods appear, we can extend the list. Also, we would commission research to detect previous undetected gods - the various theological colleges would, I sure, be delighted to submit research proposals..

The second file is a list of prayers; again, as more prayers are developed the list can get longer. Employment could be found for many otherwise underemployed religious leaders in prayer development, testing and debugging.

The computer would combine each element of list 1 with each element of list 2; it should be possible to pray at the rate of at least a thousand prayers per second. This means 86 million prayers per day, and if that isn't enough, we can add more computers to the task.

The prayers would, of course, be sent to /dev/null, just like all other prayers.

Tuesday 1 December 2015

Hatley heart attack, part 3

Aother 60 done today, biking around a circuit plus a few extras. Two DNFs.

It was quite warm and it didn't rain, but it was pretty muddy.

One cache required me to creep across a makeshift bridge, then up a steep bank on the other side. Getting back was equally hairy!

On the way there, I got caught in a big traffic jam on the M25; as a result, I got to my start point an hour later than I'd planned. But the day went well, I did the 60 caches in five hours. I got back to the car at 4pm, just as it was starting to get a bit darkish, for lunch and coffee.

A good day out, and rather tiring!

Monday 30 November 2015

So what about PDF files?

An email from Google!

From: Google  Incorporation ® <>
Reply-To: Google  Incorporation ® <>
To: undisclosed-recipients:  ;
Subject: Google End Of The Year Winning Letter®
   1 Shown   ~33 lines  Text
   2          80 KB     Application

Dear Google User,

You have been selected as a winner for using Google services. Find attached email with more


Larry Page
CEO of Google

©2015 Google  Incorporation ®
Of course, it isn't. But a pdf file was enclosed.

SHA1 aee4153e0b9f4fd0ab9a59957860fe410cff5dc6
SHA256 e4014fc00c263f1a821964ecb66d9b269876b92b7008e884fd4f2cc2ef788256 
I sent it off to Jotti, Metascan and Virustotal, and they all reported that it's clean. Virustotal told me that it was first reported on October 18, 2015, six weeks ago.

Given that Larry Page isn't one of my usual correspondents, it's obviously something bad. Maybe it's a scam, not malware? I don't have a virus lab, so I'm not going to load it to find out.

This also arrived:

Subject: Sales Invoice OP/I599241 For ANDSTRAT (NO.355) LTD
   1 Shown      6 lines  Text
   2          132 KB     Application

 Please see enclosed Sales Invoice for your attention.

 Regards from Accounts at James F Kidd
 ( email: )

Also a PDF file, according to the extension, but actually it's a DOC file!

Jotti: One product (Kaspersky) out of 20 flagged it.
Metascan: Two products (Kaspersky and ThreatTrack) out of 43 flagged it.
VirusTotal:  6 out of 54 flagged it.

Hancock's Half Hour

I just found the old Hancocks on Youtube. Either you know what that is, or you don't.

Sunday 29 November 2015

Blocking doc malware

In this blog, I've been discussing the fact that of the 55 scanners examined (which is pretty much all available products), they all fail to detect malware in emails.

Yet all of them come with all sorts of claims, recommendations and certifications. How can this be? And what can be done?

The claims are similar to "detect 99.9% of in-the-wild malware". The problem is, that's not tackling the actual problem. The actual problem, is the malware emailed to me (and, most other people) every day, and the scanners don't detect anything bad in those. I dare say that the testers have 100,000 files collected over the years that these products do flag as malware. But that's not the problem.  I'm getting a hundred or more emails per week with malware attachments, and if I relied on scanners to keep me safe, I'd be getting hit dozens of times per week.

So what can be done?

In other posts, I've explained what can be done. But talk, as they say, is cheap. What counts is action.

So I've taken action. I have, running on a Raspberry Pi, this page.

To use it, you click on the "Browse" button, choose the file that you want cleaned, then
click on "send the file".

The file uploads to my server, and then it converts the file to A) a pdf file, B) an rtf file and C) a text file. You can download any or all three of those, and read them. The pdf, rtf and text file format, does not support the existence of macros. So any macros that are in the doc file, whether malicious or benign, are not present in the pdf, rtf or txt files.

This doesn't tell you if there was anything malicious in the doc file. It just creates files that don't include macros.

You still have the original doc file, of course, and you'll probably want to delete it.

This service is free.

I'll be expanding it, if there's demand, to cover xls (Excel spreadsheet) files and possibly others. Another possibility would be to convert the file into a doc file but stripped of any macros.

Even better, would be to install something on your computer that did this automatically, but I'm not going to do that; I'll leave that to the 55 antivirus vendors that are capable of writing this software, but, as far as I can tell, have not.

Mostly, this is a demonstration of what can be done. Ask your antivirus vendor why they haven't.

Email from a friend.

But surely you can trust an email from a friend?

Yes and no. Maybe it really is from your friend, no if it's only pretending. I'll explain.

Here's what happens. Your friend visits a web site that installs software on his computer - this software gives complete control of his computer to a Bad Person. Or he clicks on an email attachment that does that. So now a Bad Person has control of your friend's computer.

The Bad Person can now email everyone on your friend's contact list. Or email everyone who your friend recently emailed (by checking the "sent email" folder). Or email everyone who emailed your friend. And that email comes from your friend's computer, has your friend's name and closing lines (signature) on it, and asks you to do whatever the Bad Person has in mind. Which is probably a Bad Thing.

There's another wrinkle to this. When you get that email (as do umpteen other people), you might realise that it didn't actually come from your friend, in which case you might email your friend and tell him that his computer has a problem. And then your friend will get rid of the trojan.

This, from the point of view of the Bad Person), is bad. So what I'm seeing now, is that the email to everyone on the contact list, is being done from *another* compromised computer. So if you just hit "reply" to tell your friend about the problem, it won't get to your friend. And the trojan survives to do more damage.

So even if an email seems to come from a friend, don't visit any suggested web site, and don't click on any attachments, until you are *sure* that your friend really did send it.

Friday 27 November 2015

And a doc file

From: Bruce Sharpe <>

Subject: Aline: Tax Invoice #40525

Good day,

Please find attached Tax Invoice as requested.

Many thanks for your call.

Bruce Sharpe.

A doc file.
SHA1 5836a7ac46981dad66b056ab64f6ecb583fc92c3
SHA256 feb034075eb65662db187dff2e4441740a62609cec23786854acdebeedc903d5 
Virustotal - all 55 products passed it as clean
Metascan - Baidu flagged it, the other 42 passed it as clean
Jotti - Quickheal flagged it, the other 20 passed it as clean
Payload security  - contacts a server, downloads a file, drops a file rudakop.exe. When I google that, lots of results say it's malware.

Antivirus products don't block doc files, because a doc file is a legitimate way to pass documents from place to place. But most documents won't include macros. 
As you can see from the above,  a file that arrived in my inbox (actually, they sent me three copies so far) is malware, and isn't flagged by antivirus products.
My doc file reader doesn't allow macros to run, because I set it that way.

Does yours?

Thursday 26 November 2015

html enclosed

Does your email filter check for html files? If so, what does it do?

I just received one.

From: PayPal <>
Subject: Online Account Verification

Dear Customer

Please take a few minutes out of your online experience to know why we have limited the access (temporarily) to your account.

The time it takes to restore the access is usually uncertain; depending on the type of issue, it may take our security team a few minutes or hours to resolve the problem.

There are a variety of reasons why an account is set to Limited; One of them is un-authorized access (another user tried to use your account without your consent).

An attachment is given to you through this notification. Please download and open it in your browser to verify your account.

Our security team will immediately review the information you have provided, and your account should be restored back to normal.

We would like to thank you for your attention to this matter.

PayPal Account Security Division

It includes an obfuscated javascript program. I'm not going to try to de-obfuscate it, because the obfuscation is clear evidence that it's doing something fishy.

SHA1 8ab4172e11f81cee016dff09cfd50a3e86f94810
SHA256 713a848d3613d1f9243574a171bec958e2127695fe6e3f60df0f353c654eb081

Jotti says that only Sophos flags it, 20 other products say it's OK.
Virustotal says that only Sophos flags it, 54 other products say it's OK.
Metascan says that only Sophos and Preventon flag it, 41 other products say it's OK.

 "Ah, but," you might think, "I'm running NoScript, which will prevent dodgy javascripts from running." And you're probably wrong. NoScript blocks javascript based on which web site is running it; if you allow a web site to run javascript, then you're trusting it until you change your mind, which probably won't happen, because why would you? And if you click on this html attachment, the javascript is being run from your own computer and you've probably already decided that you can trust yourself! So the script will run, and although I can't tell you exactly what it does, I'm pretty sure it will be something that you really really don't want.

So does your email filter check for html files? If so, what does it do?

Fake paypal email

Today, I got another fake paypal email, by which I mean that it claimed to be from Paypal, but wasn't.

I get a lot of these, which means two things. 1) A lot get sent out and 2) there must be some people who fall for it.

From: PayPal <>
Subject: Your-Account-Has-Been-Limited-Case-ID-PP-033-821-136-967

They aren't even trying very hard. They say that the email came from Paypal, but the from-address is at

They want me to click on "Confirm my account now", but when I look at where that goes, it goes to I visited that address, it invites me to login. I logged in using some made-up information - username and password, and that took me to That got me to a log out screen.

I checked out that domain using "whois" and it gives a name and address  in the USA. My guess is that it's a fake name and address, or maybe a real name and address, but not that of the Bad Person. It was registered yesterday.

So some Bad Person now has a username and password that they hope is my Paypal details - if I'd given my actual details, you can imagine what they'd do with that!

Here's the thing. When I used my mail reader, next to "Confirm My Account Now" it told me that the link actually went to [], and that's a clear indication that something fishy is going on. When I checked that out, it's a URL shortener site that is (probably without realising it) redirecting for lots of malware, based at Cloudflare in Arizona, USA. The Bad People use URL shorteners to hide the domain name that's actually hosting the malware.
I've reported the abuse to the URL shortener people. And they have already reacted! Now when I visit that URL, I get:

WARNING: A user has reported this shortened URL to us as being in violation
of our terms.

   We haven't had chance to check it out yet, but we automatically show a
   preview page for shortened URLs awaiting our investigation. Please
   proceed with caution, especially if the original URL looks suspicious
   or if you received it from a suspicious source.

I've also reported the domain to (who are the registrar).

But given the volume of this sort of thing, whack-a-mole isn't the answer.

My mail reader always tells me where a link really goes.

Does yours?

Trojan spreadsheet

From: Lucie Newlove <>

Please see attached Invoice Document SI528880 from xxxxx FOOD IMPORTS LTD.

Please contact our Sales Department for details.

xxxxx Food Imports Ltd

Wiltshire Road,
East Yorkshire
Actually, it came from, which means a broadband line in Brasil. The spoofed from-address is fake, and the people sending the email have nothing to do with the food importing company (whose name I've redacted).

And, of course, it's malware.

SHA256: 1ecc514d0bf2b4f340d3c45b832e72d0be1cc5a86182e193221740041bb15052

Using VirusTotal, only AVware and VIPRE (out of 54 products) flagged it. Using Jotti, only Arcabit and Kaspersky (out of 21 products) flagged it. Metascan says that only Kaspersky and ThreatTrack (out of 43 products) found it.

Poor, very poor. You MUST NOT rely on your antivirus product to block malicious software in emails. The macro in the xls file does a lot of obviously bad stuff - it contacts a server, downloads something, installs something on your system.

Full report here.

And here's the problem. It's a spreadsheet. It could equally have been a doc file. It can come with a very plausible email; for example, I had one recently that said that my Fedex parcel couldn't be delivered, and I should read the doc file for details of how to proceed. As it happens, I was expecting a parcel - that must be pretty common. And I have no idea which courier the vendor would use, Fedex is plausible. So there's a good incentive to read the doc file. But if you load it into Word, your computer is no longer yours.

My advice. Change your Word and Excel settings so that they don't run macros, and resist any temptation to change them back. Also, don't click on any attachments unless you're certain that they came from a good source. And remember that your good friend Bob might not have been so careful and if his computer has been taken over, you could be getting malware that's apparently from Bob.

Wednesday 25 November 2015

I'm offended

I'm offended. Lots of people are offended. Some people are offended on behalf of other people; some people are just-in-case offended; offended against the possibility that other people might be offended.

Lots of things offend me. I have a hair trigger for offence. I'm immediately offended by anyone saying that they're offended. Indeed, the very word "offended" offends me.

But there seems to be a growing feeling that people have a right not to be offended, and that offensive speech should be banned. I, of course, feel that this proposition is offensive, and people should not call for offensive speech to be banned, because that offends me. If they think that people have a right not to be offended, then they should stop campaigning for that right, because their campaign offends me.

Pew recently did a survey.  40% of American Millenials (aged 18 to 34) support government censorship for offensive statements about minorities. I, of course, am a minority - I'm the only drsolly in the world. So don't say anything offensive about me, or I'll be offended. 28% of all Americans agree with this.

38% of Brits favour censorship of offensive statements about minorities. I'm appalled. And in Germany, that's 70% - that's the effect of recent history, I guess.

We're already part way there. "Hate speech" is illegal in the UK, and many other countries. The act also says:

Nothing in this Part shall be read or given effect in a way which prohibits or restricts discussion, criticism or expressions of antipathy, dislike, ridicule, insult or abuse of particular religions or the beliefs or practices of their adherents, or of any other belief system or the beliefs or practices of its adherents, or proselytising or urging adherents of a different religion or belief system to cease practising their religion or belief system
So I can criticise a religion. Whew! But in practice, on 20 April 2010, police arrested Dale McAlpine, a Christian preacher, of Workington in Cumbria, for saying that homosexual conduct was a sin. Now I think he's wrong, but I also think that he should be allowed to preach his wrong ideas. Eventually, the police apologised for arresting him, and he got several thousand pounds compensation.

I believe that offensive speech is very important, and should be protected, not censored. Because who decides what is offensive? Any expression of opinion could be shut down, merely by someone calling the police and saying "I'm offended".

And criticism of ideas is important. How can we debate the worthiness of political, religious or cultural ideas, if we cannot criticise them? If all that is allowed is praise?

There should be no censorship of offending speech. There should be no right "not to be offended".

I'm offended at the mere thought that there could be.

How to buy from auction sites.

As you've probably realised from various blog posts, I'm rather careful about security. But I buy stuff from people in far-away countries, and I really don't know who they are. So far, I've been OK.

It starts off with a credit card. Credit cards have a particular property that debit cards don't have. In UK law, even if the vendor or auction site won 't give you a refund, the credit card company must, under Section 75 of the Consumer Credit Act 1974. This covers purchases from £100 to £30,000. So if you bought something for £99, this won't help you - in theory. In practice, your card company might well do the refund, because they can claw it back from the vendor.

So I took out a credit card from a well-known shop, and put a limit on it. That's easy to do; supermarkets are very keen to give out credit cards. I mostly use it to buy diesel for the Freelander. And I will *not* use it at the pump, that's far too dangerous. I use it in the "kiosk".

Then I opened a Paypal account; again, easy to do. And I gave that credit card as the source of funds.

Paypal also have a refund policy, they call it "Buyer Protection". This covers any purchase you made using Paypal, but you must open your case within 45 days of the date you make the payment. So if you have a problem, remember that timing - after 45 days, you're not able to claim.

I buy things using either Amazon or Ebay; mostly Ebay. There are other auction sites, and I don't know anything about them (with one exception, which I'll cover later), because my feeling is that if a vendor puts an item anywhere, they'll put it on Ebay, because Ebay is BIG. On Ebay, I pay via Paypal; on Amazon I use the card explained above.

Ebay also has a refund policy. To use it, you have to make a claim within 30 days of the actual or estimated return date.

So here's my procedure. If I receive goods that are faulty, I don't give Ebay feedback just yet, but I contact the vendor. Problems I've had are:

- I bought a pair of arm coverings that were "one size fits all", that were actually "one size fits very skinny girl". I complained to them, I got a full refund.
- I bought five cables, and only one arrived. I emailed the vendor, they sent the other four.

Problems I haven't complained about, are:

- I bought several wrist supports. ALl of them arrived, but one was useless and two of the others weren't much good. One was OK and one was good. I didn't complain because A) it was only a pound or so each and B) the products were as shown.
- I bought a mouse mat with gel wrist support. It isn't much good, but it only cost a pound, and I am actually using it.

So my experience is that vendors do make mistakes, but are keen to rectify them. And some goods are inadequate, but when I explain why, I get a refund.

I haven't needed to complain to Ebay, but it's nice to know that I can if necessary, and it's an incentive on the vendor to make things right. If Ebay doesn't help, I can always complain to Paypal, or the card company.

The other main place I buy from is Amazon. From Amazon, it's mostly books that I buy, and there's not much can go wrong with a book. Occasionally, I've bought a second copy of a book, but that's my fault. I also buy other things from Amazon - that's where I buy my Hitec boots, for example. Once I bought a book that had half the pages missing - some kind of binding error at the printers. I should have complained, but I didn't.

I've also looked at things from Alibaba, which is a Chinese auction site. It is, indeed, an Aladdin's Cave, but you often don't see the prices (you have to ask each supplier) and often there's a large minimum quantity. There'a also Aliexpress, which is more aimed at consumers. I bought something from them once, but I'd only use them if Ebay and Amazon didn't have what I want.

I buy quite a lot from Hobbyking. They sell radio-control stuff. From them, I get my bike batteries, because they're a lot cheaper than any alternative I've found, and they are reliable. Once, they shipped me an order that was completely different from what I orderd (I'm guessing they got two orders mixed up). But they sorted it out, and I got what I'd paid for. Lipo batteries from Hobbyking are about half the price of those on Aliexpress.

I bought the bike motor that I currently use direct from the factory, Xiong-da. That was before anyone was importing them, and I wanted that one because it is dual-speed. When I'm on rough ground, or steeply uphill, I use the lower gear which pulls the bike a long like it's being winched. On tarmac, I go into high gear, and it's as if I just lit the afterburner.

So, in summary, I'd say that buying things from auction sites is pretty safe - I've never needed the additional precautions I take.

Tuesday 24 November 2015

More malware analyses

Aryeh Goretsky, who I've know for a long long time, is currently at Eset (they make anti-malware software) suggested to me a couple of places other than VirusTotal to try, so I did.

Dear customer

The confirmation invoice for order 1366976 is attached.

Please let me know if you need any other paperwork.

Best regards,

Nimisha Patel
Marketing Assistant
Abcam plc

Enclosed was an XLS spreadsheet. I'm pretty sure it's malware, I haven't ever bought anything from Abcam. The XLS file has a SHA256


SHA1  e681f239b8bd63af26630410c340d83bad53fe10
MD5   7a2b2afb94c7a5ae18dd3456b559a7c0

According to VirusTotal, 8 products (out of 54) flag it as malware.


According to Jotti, the following four products flagged it:

Eset, Fortinet, Kaspersky and Sophos.

Of the products that flagged it with VirusTotal, Arcabit and Trend found nothing

According to Opswat Metascan online, four out of 43 flagged it.

Kaspersky, Preventon, Sophos and ThreatTrack.

Of the products that flagged it with VirusTotal, Eset, Fortinet, TrendMicro found nothing,

So a threat that arrived in my mailbox, is flagged by about 10% of products.

... update ...

Another file, this one is a doc.

MD5:    8875a13b396384acdf18dc6c231bd477
SHA1:    b09d734e793d64964bc9dcf312197c13e9c2de84

Virustotal - flagged by 18 out of 55
Metascan - flagged by 4 out of 43
Jotti - flagged by 12 out of  21