Pages

Monday 30 March 2015

My new ethernet link

I signed the order at the beginning of October. Today, I chased it up, and found that at the end of April, Openreach will put up traffic lights on my lane so that they can investigate whether the pipe carrying cables along the road, is blocked. So I'm unlikely to get connected until at least May, and possibly June.

Saturday 28 March 2015

The Essex Way completed

Today, I did the last part of the Essex Way, ending up at Harwich.

I've visited Harwich a couple of years ago, so there weren't many additional caches for me to do. This one presented a challenge:



There was a foot race going on. I cycled through the middle of it, went a few yards past the finish line, and stopped. The cache is just a bit past where the guy with the yellow jacket is sitting on the wall, and as well as him, there were several dozen spectators, all overlooking the cache. Should I skip this one? Hell, no, as Ed Milliband said. Stealth was needed. And stealth was applied. I grabbed the cache just as Annette crossed the finish line (I knew she was Annette because of all the encouraging calls). And they didn't notice a thing.

Here's something I found while doing a cache after lunch.



And then I got to the end of the Essex Way. Actually, I've been here before, when I cached in Harwich a couple of years ago. But this time it was special, because I've cached along the Essex Way, all the way from Epping to here, 81 miles. It's taken me several outings, and in the course of doing the 450-odd Essex Way caches, I've done a total of several hundred, because of all the extras.


The high point of the trek was, of course, getting trapped in a bog and only managing to get out by gnawing off one of my boots. But the whole journey was great fun. It needed careful planning each time I did a segment, because they aren't all trads (there were multis and puzzles) and the midpoint bonus puzzle was really good.

For the last couple of months, I've known in advance where I'll be going caching - it's always been the next segment of the Essex Way. Now I'll have to find other circuits to do.


Friday 27 March 2015

PCI DSS fail part 2

So I signed up with the new "Saferpayments" web site. Here's what the letter said "Worldpay's new SaferPayments programme which is designed to make confirming compliance with the PCI DSS quicker and easier"

With the way it worked before, it was my responsibility to make my server secure - that's fine. Trustwave would test my server, and pass the results over to Worldpay; I didn't have to do anything else. Computer talking to computer. No need to me to act as a kind of courier.

With the new system, I have to log on to Trustwave, download the compliance report, log on to Worldpay, and upload that compliance report. In other words, they've made it slower and less easy.

And remember, 80% of people taking credit cards aren't actually complaint with the PCI DSS!



PCI DSS fail

I failed my monthly PCI DSS scan. This happens quite often. The problem is, people keep finding vulnerabilities in OpenSSL, which is used by Apache to make it into a Secure Server. It's not just me that has this problem, it's also a zillion other web sites, because Apache is the most widely used web server, and OpenSSL is the way you make it do a Secure Server.

Annoying. But not a big deal. I downloaded the latest OpenSSL version 1.0.2a, compiled it and installed it. Then I recompiled Apache and reinstalled it, started it up and asked TrustWave to do a rescan, and it passed. So I'm PCI DSS compliant again.

I wonder how many others are compliant? The last report I read, showed that 80% of sites are non-compliant.

Thursday 26 March 2015

Another shaver bites the dust

I like to shave with an electric shaver. I prefer the to-and-fro kind to the rotary action, I don't have a logical reason for this. The model I've been using for quite a while now is the Goncon Guangke, which costs about £9.

I've tried more expensive shavers, but the usual problem is that the foil breaks, and then a replacement foil is maybe £18. If you think about the complexity of an electric shaver, you'll realise that it's a pretty simple device. Why would an expensive one be significantly better than a cheap one?

So with the Goncon, I get the whole thing for less, and it gives me a good shave. Currently, I have three. I had four yesterday, but the foil on the one I use, fell apart, so I brought out one of the three spares I have.

But it's a while since I researched this, and I wondered if there was anything I was missing. I came up with this shaver It's under £8, but the really good news, is that it comes with two replacement heads, and one replacement foil. It isn't washable, whereas the Goncon is, but since I've never actually washed the Goncon, I don't see that as a disadvantage. So I've ordered one, and if it's good, I'll buy three more for £7 each, which should see me OK in shavers for about a decade.

Worldpay saferpayments

Worldpay.

A long time ago, I signed up for credit card processing with the Royal Bank of Scotland. When RBS took over Natwest, I found myslf dealing with Natwest. Natwest, in some sense, morphed into Worldpay (I don't know how or why).

Each of these changes meant that I had to take some action. Of course it did. Why would THEY care about us hard-working small businesses?

Then along came the PCI DSS (payment card industry data security standard). that was several years ago. I took it seriously, did a bunch of programming, installed encrypted file systems, installed a camera to watch the servers, and so on and so on. I filled in a form with hundreds of questions, and my servers are tested each month. And about one month in six, some new vulnerability is announced that means that I have to reinstall various things on my servers. It's a pain, but I can see the need for security!

Compliance is pretty much compulsory. There are big fines if you're non-compliant, and you can be barred from accepting credit cards. So it's all good, right?

Except that in 2015, several years after the scheme was launched 80% of businesses are non-compliant.

So today's rant comes to you courtesy of Worldpay. They just sent me a letter. My compliance, which was formerly checked by Trustwave, will now be done by SaferPayments.

What does this mean for me? Well, I don't know. The Trustwave user interface was horrible (it was all done via Flash), and we all know the security problems with Flash, so I don't know why they did it that way, except that Flash makes the user experience worse, so maybe that's what they wanted? But after using it for some years, I'm used to it, and know how to use it, and I'm able to maintain my PCI DSS compliance.

So now it's all going to be changed.

I've ranted about this before. The banks keep changing my interface to the card system, for no good reason. There are changes in the card system that are really needed (I'll list a few below), but no-one in any of the acquirers has ever asked my opinion. Despite that, I'm giving it; I've told them before and I'll tell them now. Stop changing things for no good reason!

So what does need to be changed? Here's a few suggestions.

1. When they send me a new card, the card number is the same. But the card number is like a password to my money! Some banking systems require me to change my password every couple of months, but my credit card number has stayed the same for many, many years.
So here's my suggestion - when you send out a new card, chenge the number!

2. When a card is cancelled, banks continue to accept billings on it for a while. That's just insane.

3. When you give your card number, you're also asked to give the expiry date. Some banks require that this be correct, but some banks don't. That's crazy. They should check that the date is correct, otherwise, why ask for it?

4. When my bank phones me, they want to put me through a security check before they'll talk to me. But I don't actually know who phoned me, all I know is that someone phoned me claiming to be my bank. So I don't want to reveal security details to an unknown, and they've forgotten to set up a system so that I can know that it really is my bank (forexample, they might mention a password that I've assigned to them). So what I have to do, is phone them back (and, for obvious reasons, I can't use the number that the caller would give me, I have to use a number that I know really is my bank) and then ask for the person who called me, and in a big organisation like a bank, they usually don't have any sort of "phone book" that would let them put me though. So banks - please fix that problem.

CC dumps for sale

I've recently started getting a large number of spams with the subject "CC dumps for sale". I'm guessing that this means that they're offering credit card numbers in large numbers.

They accept payment with bitcoin, and they give an icq number for contact. The emails are being sent out by a botnet.

Hopefully, there's police authorities also getting these emails, and they'll do something about it. I don't have much hope of this, though.

Another (perhaps related) mass spam is "Employment", offering a post as "Internet Manager". This is, of course, looking for money mules, to launder the money that the scam collects.

Wednesday 25 March 2015

Another nibble at the Essex Way

The high point of the day was when I fell off the bike, because the track was so uneven. But I was going very slowly at the time, and I fell well, and didn't get hurt.

59 caches done, and I think one more trip will complete the Essex Way!

Tuesday 24 March 2015

Fixing computers

Even better than using computers, is fixing computers. I take great pleasure in fixing things, whether it's mending a toy of grandson.1, or sorting out a bicycle, or bringing a dead computer back to life.

On Sunday, one of my main servers went down. I contacted my colocation hosts (safehosts) and got a hands-and-eyes service, but it soon became clear that pounding on the keyboard wasn't going to lead to a solution. So I decided to make a site visit, asap.

I went to their support ticket site, but it wasn't working - they were in the middle of changing over from one support system to another. So I called their phone number - that didn't work either. Apparently, it sometimes gets itself into a loop and can't take outside calls. Fortuunately, I have the mobile number of the boss there, so I called him. I understand that they've now fixed these minor (but very important) problems.

So on Sunday evening, I loaded the car up with everything that I thought I might need in order to fix eight computers. Eight? Yes - I keep a lot of spare computers at the colocation, and when one goes down, I switch over to one of the backups. I haven't been there for 18 months, and I had accumulated eight faulty computers.

My usual practice, is to get however many computers set up and ready to run here, then take them down and swap them for the faulty ones. But this time, I decided to try to repair them on-site.

I arrived at 11am (it's a two hour drive) and set to work. The first computer (the one that had only just gone down) was a puzzler. I swapped the memory, I swapped the power supply, I swapped the motherboard and cpu. Nothing helped. That only left the hard drives, and sure enough, one of them had the condition that I call "killer drive". It's very rare, I'm glad to say, but the symptom is that when that drive is connected to the computer, the computer can't start up. When the drive is disconnected, it can. I have no idea what the cause is, but the cure is obvious. So I swapped that hard drive, and another one that had been giving a lot of errors, put in a new CMOS battery, and the computer was good. That took me over two hours, and at that rate, I wasn't going to finish before midnight!

The second computer was operational, but it had a hard drive with lots of errors, and it crashed every week or so. I replaced the hard drive, and replaced the memory. The old memory was "Rendition" brand, and I've had a lot of problems with that.

The third computer just didn't start up when power was applied, but it did start when I pressed the start button at the front. That's easy - I opened it up, and changed the CMOS battery, and that fixed it.

The fourth was another pig. I changed the dead battery, but that didn't help. So I swapped out the motherboard, and then it would start up. But the new motherboard was a Foxconn, and the old one was a Gigabyte, and the ethernet is different, and I couldn't remember the magic incantation that you use to tell it to forget the old ethernet and auto-detect the new. So I reinstalled Linux. And what with the install (which I had to do twice because I dropped the keyboard in the middle of doing it the first time and it hung), and with all the fuffing about, that took about two hours.

The fifth one had a bad hard disk that I replaced, and I also replaced the battery. These batteries are really cheap, but absolutely vital if you want to leave a computer switched off for many months, and expect it to start up as soon as power is applied. Because the default CMOS setting, is "don't start the computer when power is applied" and it goes to that default when the battery is dead.

The sixth one needed a memory replacement (but I also put in a new battery).

And the seventh one just needed a new battery.

I didn't do the eighth one, because the problem it had was two dead drives, and I could get by without using those drives, because it had four good drives still in place. I'd run out of spare drives and time by then, anyway.

So I got home at about 8:30, job well done, in time for Gotham, which if you're a Batman fan, is absolutely excellent, being a modern take on the whole origin story, and the best character so far by a long chalk is Oswald Cobblepot, better known as The Penguin, because he's nasty, slimy, psychotic, ruthless and evil. Although the young Catwoman is rather nice.

Sunday 22 March 2015

To Dunstable with ladysolly

We walked round on a lovely warm day; it was so warm that ladysolly had to remove a layer, it was that warm! A couple of dozen caches found, then back home, where ladysolly dropped a cast iron cookpot onto a plate that contained my dinner, and smashed the plate. Because of the possibility of chips of china, we had to bin the whole thing, but ladysolly generously gave me her dinner to make up. I did offer to go halves, but she insisted. She had fish and salad instead.

Friday 20 March 2015

400 on the Essex Way

Today was another day doing a piece of the Essex Way. But first, on the way there, while I was driving round the M25, the eclipse! Which, for me, was a big fat nothing; 100% cloud civer meant that even at the point of maximum eclipsification, the sky was slightly darker, and that was it.

I got there, parked, and then parked again when a nice man came out of his house and asked me to park on his tarmac, because he planned to cut the grass. Then I got onto the bike, and pedalled away.

My first circuit was 24 caches, then I relocated the car, had lunch, refreshed my batteries, and did abother 27 or so.

On the way home, driving South on the A12, I got stuck in a horrendous traffic jam at the exit to the M25. I spent over an hour there, and ladysolly was most displeased with the effect on dinner.

Thursday 19 March 2015

Another reply from HMRC

Identical to the first one.

"The e-mail / phonecall was from HM Revenue & Customs and is nothing to be concerned about."

The "/phonecall" bit makes me think that this is just a standard response, they didn't read my email, they didn't look into it, and no action will be taken.

HMRC will continue to send out emails that are indistinguishable from phishing emails, and then when someone responds to a malicious phishing email, they'll say it wasn't the fault         of HMRC.

Because of the impossibility of talking to anyone in HMRC who knows anything, and the impossibility of getting through to them via email, I'm giving up in trying to explain to them what they're doing that's wrong. I've done my best, but this isn't actually my problem.

Wednesday 18 March 2015

What HMRC should have done.

Right now, I'm maybe 80% of the opinion that this really did come from HMRC, despite being told by their helpline that it's a phish. So how should they have handled the need to update their software?

First and foremost, the PAYE Basic Tools should be handling this. When I start up the software, it should check the HMRC gov.uk domain to see if there's an update required, and it should notify me to do it. This could, with a suitable crypto system, be made really secure and proof agains MITM attacks. Email is probably the worst possible way to do this.

But since their software doesn't do this (didn't it occur to anyone that it would need updating each year?), and given that they decided to tell everyone by email, what were the big mistakes they made?

1. The email should have been sent from the HMRC domain, gov.uk. Not from some third party domain (govdelivery.com). And especially, not from some third party domain while pretending to be from gov.uk.

2. The opening greeting should have been "Dear Dr Solomon" and not "Hello employer". Because on their database, as well as my email address, they have my actual name, which a phisher tends not to have.

3. They shouldn't have given a link to download the software. They should have told me to go to the hmrc.gov.uk web site, and they shouldn't have given a link to it. And they very much shouldn't have given a link to a third party domain (govdelivery.com).

4. And they should, perhaps, not have done this by email at all. If they'd sent a paper-type letter, then that would have been much better; phishers don't do that.

5. And by the way, why is the British government paying an American company to distribute their stuff; I'm guessing that the American company isn't doing it for free. Aren't there any British companies that can send emails for you and host your software?

Phish or no phish?

So today, I phoned HMRC; their helpline is 0300 200 3600. I spoke to Emma.

I explained what I'd received; her opinion was that it was a phish. When I said "govdelivery.com", there was no spark of recognition. She suggested that I should forward it to phishing@hmrc.gsi.gov.uk. so I did that, with the following email.

This email did *not* come from gov.uk; I looked at the header and it came from govdelivery.com.

The link to dowenload the software does *not* go to gov.uk (even though it claims to), that also goes to govdelivery.com

I can forward the full thing, including headers, if you want.

I checked here:

https://www.gov.uk/government/publications/genuine-hmrc-contact-and-recognising-phishing-emails/genuine-hmrc-contact-and-recognising-phishing-emails

It is not on the list of "Current list of digital and other contact issued from HMRC"

Looking at "How to tell if an email is fraudulent"

2.1 Incorret email address. Although it says it was from @hmrc.gov.uk, looking at the header shows that it was actually from govdelivery.com

2.2 Personal information. It doesn't ask for personal informaion, it does something far worse, it's asking me to install software on the computer we use for financial stuff.

2.3 Urgent action required. It says "Download now and be ready"

2.4 Bogus web sites. The link claims to go to gov.uk, it actually goes to govdelivery.com. I didn't visit the web site (for obvious reasons) but I checked the domain name with "whois" and it's registered by a company in America.

2.5 Common greeting. It starts "Hello Employer"

2.6 Attachments. There's no attachment; instead, it's asking me to download, install and run their software. Which is worse.


So I phoned 0300 200 3600. I spoke to a lady there who gave her name as "Emma", and she told me that it was a phish, and I should forward the email you you, which I'm doing now.

So here's my question.

Is this a phish? Or is it a genuine email from HMRC, written in such a way as to make it look *exactly* like a phish?


Let's see what happens next.

Meanwhile, I went to the gov.uk web site (which really is HMRC), and downloaded the latest version of Basic PAYE tools, and I'll install that, because at least I can be sure that it's kosher.

Tuesday 17 March 2015

Essex way encore

It rained as I drove towards my start point, but just as I parked, the rain tailed off, and by the time I was ready to bike away, it had stopped!

I did two circuits, but less than half of the caches I did were Essex Way. Oh well, more for the future!

My left pedal has been sticking; it doesn't rotate freely, and that was a bit annoying, But not nearly as annoying as what happened about half a mile from the car (on the way back at the end of the day). The left pedal completely unscrewed and clunked onto the road! It'll be a fairly minor job to fix it, I think.

57 caches done today, and my elbows are feeling a lot better.


A disturbing reply from HMRC

They think that the email was kosher!

Thank you for contacting HM Revenue & Customs.

The e-mail / phonecall was from HM Revenue & Customs and is nothing to be concerned about.

If you think this communication is incorrect, you may wish to contact the relevant HMRC business area. HMRC contact
details are published within the link below:

https://www.gov.uk/government/organisations/hm-revenue-customs/contact [www.gov.uk]
I'm guessing that they didn't notice the phony URL?

Monday 16 March 2015

Get ready for the new HMRC Basic PAYE Tools

I use the HMRC Basic PAYE Tools. That lets me pay my PAYE obligations to the government each month. It's fairly easy to use. And today I got an email.

Hello Employer,

                         Important information for employers using Basic PAYE Tools (BPT)



We have identified that you use our BPT software to calculate and submit your payroll.  In order for you to use BPT
for 2015/16 you need to have downloaded the latest version which will allow the 2015/16 update (due early April) to
be found automatically.

The latest version (number 14.2.14330.88) is available now on the GOV.UK website and you must download this version
in full. You cannot get it using the ‘Check for updates/Check now’ setting on your current BPT.

Your BPT will not automatically update for 2015/16 without doing this.

What you need to do:

 *  Go to https://www.gov.uk/basic-paye-tools

 *  Scroll down the page and select the appropriate download link for your operating system (e.g. for Windows users
    select ‘Download basic PAYE tools for Windows – except Vista’)
 *  Once the download is complete, open the downloaded zip file and open the setup application file within it to
    begin the setup wizard.
 *  Proceed ‘Next’ through the installation as normal
 *  Once the installation is complete, select ‘Finish’

All employers should back-up their data before installing new versions of BPT.

Download now and be ready.

                                                       

Helping us to help you.

                                                       

A Walsh

Alison Walsh

Head of Digital Support for Business and Agents


So I checked the link they gave; it actually goes to govdelivery.com. I've not heard of that, so i did a WHOIS on it.

Registrant Name: GovDelivery, Inc.
Registrant Organization: GovDelivery, Inc.
Registrant Street: 408 Saint Peter Street
Registrant City: St. Paul
Registrant State/Province: MN
Registrant Postal Code: 55102
Registrant Country: US
Registrant Phone: +1.6517267309
Registrant Phone Ext:
Registrant Fax: +1.9999999999
Registrant Fax Ext:
Registrant Email: dave.sommerness@govdelivery.com





This means that the domain that I'm being sent to, was registered by someone in Minnesota, USA. That makes me wonder if this really is an HMRC web site. Or, to put it another way, I smell fish.

So I'm not going to download and install their software, but I am going to forward the email to HMRC.


Saturday 14 March 2015

All fall down

I've noticed that, as you get older, the consequences of falling over get worse.

I've fallen over many times; I can say that I have experience in this. A few times, I've fallen from my bike, most times I've fallen from my feet.

A few days ago, ladysolly fell over. I wasn't with her, so I don't know how it happened - nor does she. But down she went. And then, the day after that, she could barely move. In particular, one of her feet was hurting so much, I almost had to carry her upstairs. We planned to take her to the doctor next day. But when the next day dawned, her foot was fine, so we didn't bother. And yesterday, she was still fine, and went on her long-planned Bridge weekend, leaving me to forage for food (fortunately food isn't hard to find in Buckinghamshire).

A week or so ago, I tripped over my own feet while walking along tarmac back to my bike; I know what happened, it was a rough bit of road, I was tired, and I just couldn't keep my balance. I went down, hit the road, and bounced a bit. I wanted to lie there and collect myself, but my first thought was, it's dusk, and if a car comes along and doesn't see me lying in the road, I'll have a worse problem than a couple of bruises. So I scrambled up, and I was pretty much OK, I thought.

That evening, I found a big purple bruise on my hip where I'd fallen, and it hurt to lie on that side. That's sorted itself out, I'm glad to say, but I also have pain in both elbows, especially yhr left, which it taking a lot longer to heal.

So my advice is, don't fall over.

Pee po belly bum drawers

I've always had a problem with the concept of "taboo words", and so did Flanders and Swann. Tell me, what harm has been done to you, or to anyone else, by your reading the word "drawers"?

The law has problems too. In 1960, Penguin Books was prosecuted in the UK for publishing "Lady Chatterley's Lover". The prosecution asked if it were the kind of book "you would wish your wife or servants to read"! The jury, who probably didn't have a single servant between them, returned "not guilty".

There have been obscenity trials since then, but the only ones I can recall were more "not guilty". It does seem to be generally accepted that obscenity isn't illegal.

And so, in the fullness of time, the word "obscenity" has been replaced by the word "inappropriate". I have even more trouble with that word. What is inappropriate, and who decides?

Which words are inappropriate? Recently, Benedict Cumberbatch was force to apologised for referring to "coloured actors", and from what I can gather, the phrase "people of colour" is OK, but "coloured people" is not. Colour me baffled.

Most recently, there was an incident at the University of Oklahoma. A bunch of students from a fraternity (Sigma Alpha Epsilon) were videoed while chanting. I did a bit of googling, and I couldn't find their exact words, except here. This, I'm guessing, is because the words were so taboo that they can't even be quoted. But the used the "n-word" and mentioned lynching.

Let's consider the n-word. This is a word that is currently considered to be so appalling, that it can never be uttered, even to quote what someone else said. So the quotation has to be Bowdlerised and readers are expected to guess what "n-word" stands for.

Most readers will be able to guess. That means that "n-word" is a synonym for the word that may not be uttered. Which surely means that the word "n-word" is equally taboo. And we need a word that refers to the word "n-word". I'd suggest n-word-word, but this leads to an infinite series.

But anyway.

The reaction of the University was to expel two of the students who were videoed chanting. And to close the fraternity. The students have two days to get out.

My American reader probably knows what a fraternity is, but I'd guess that one of my two UK readers might not know the implications here. One of the functions is to provide accommodation. This means that a number of students have been turfed out of their digs, irrespective of whether they were involved in the incident or not. I remember my student days, and I know we did some naughty things (if persuaded, I could relate an incident concerning a coffin and a large quantity of beer), but if we had been found out, I'd have been very surprised if the university evicted everyone who lived in the same building on account of what two people did.

That's collective punishment; the punishment of the many for the sins of a few. I'm surprised that a university would so such a thing. But I'm not surprised that the fraternity has lawyered up - this is America.

But apart from the bunch of innocent students penalised for something they didn't do, what about the two caught on video?

At this point, I'd like to explain about the US Constitution - again, my US reader is probably familiar with it, but not many people outside the US are. One of the great things about the US Constitution, is that you can change it. And the first change they made (which they call the "first amendment") included freedom of speech.

"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."

 So, does this apply to this case? I don't know, but my guess is that it does, The speech might be offensive, but can a public institution punish it? The fraternity is a private institution, so they could expel the boys from the fraternity, but the University is a public institution, so the First Amendment applies. Maybe the US court will decide, because by now, positions have been taken, defences prepared on both sides and compromise is going to be "inappropriate".

In my view, the fraternity should expel (from the fraternity) the boys who were being so offensive. The University should have issued a statement saying that the  boys should be ashamed of themselves, and that should have been the end of it.



Friday 13 March 2015

More Essex Way

Ladysolly is off to play bridge for a couple of days, so I escaped down the Essex Way again, and did another 60 caches on the bike. This also means I get to have curry for dinner, with a bottle of beer!


Thursday 12 March 2015

Free energy

Recently, I've been getting a slew of spams offering me free energy. Just plug this in, and it powers my home for free. Is that possible?

So I looked into the scam. Because free energy is, of course possible.

Most people will tell you that free energy isn't possible, but they're wrong. I know that, because I built a free energy device myself, when I was fourteen. It was a crystal radio.

A crystal radio needs no batteries. It works like this. You have an aerial, which is just a length of copper wire, and you have an earth, which is just a rod hammered into the ground. Between the aerial and the earth, you have a coil and a capacitor in parallel, and one of those is variable (I used a variable capacitor). Across those, you connect a rectifier (a diode, that's the crystal part) and a headphone, and by tuning the capacitor, I was able to listen to The Light Program (now called Radio 1, or maybe 2, I don't know).

This is collecting power from the radio waves and using it to power the headphone. No batteries are needed.

But it's not much power. A fraction of a watt. A very small fraction of a watt. Enough to power a sensitive headphone; not enough to power a house. How small? You'd be lucky to get 20 microwatts. So you'd need 50,0000 of them to get one watt of power, and one watt isn't much. A light bulb might be 40 watts. Two million crystal radios might power a light bulb.

So it's free energy, yes. But not enough to be useful.

So what's the scam? Well, they exaggerate. A lot. And you pay $49, or $99 for the plans, and you then have to spend money for the parts to build a small "generator", which shows you that they whole thing does actually work, although you don't get much power from it, and then you think about scaling it up by a factor of a million, and you don't do it. And if you demand your money back, and you paid by credit card, they will actually do a refund, because otherwise they'd get trouble with the credit card system. But very few people are going to ask for a refund. And so the scam goes on.

But I would urge any child to build a crystal radio; you make it out of things that you can find around you, and when it works, it's like magic, except it isn't magic, and it leads you into electronics, and computers, and fun stuff like that.

Tuesday 10 March 2015

Essex Way again.

Another 50 or so caches, along the Essex Way. I've done more than 2/3 of them.

I was chased by a dog today. The first I heard of the dog was a faint woman's voice, far away, calling "Buster, Buster". Several minutes later, the dog appeared, fairly frisky and about the size of a small sheep. He tried to chase me on the bike, which, of course, involves trying to get in front of me so that I can run him down, which would maim the dog, but also tumble me off the bike. He followed me for a few caches, and all the time, I could hear "Buster, Buster". The dog would have been able to hear it too, but he ignored his owner's plaintive cries, just carried on chasing me.

Eventually, we got to a road. On a road, I can easily outpace a dog, but he'd have chased after me, and probably gotten killed by a car, of gotten so lost he'd never find his owner. So I waited by the road, until eventually the owner showed up. She explained "He's only a puppy, he likes chasing things". So I explained to her about what would happen to him if he got run over by a car, and "He's only a puppy, he doesn't realise it's dangerous, it's up to you to make sure that he's on a leash, otherwise you could have a dead dog."

I don't think she was listening, though.

I saw the first lamb this year.




51 caches found.

Saturday 7 March 2015

Tilsworth trundle

I went out with ladysolly today; about 5 miles walked and about 20 caches done. One field that we crossed had a couple of friendly horses; ladysolly has been nervous about horses since she was bitten by one a few years ago. No bites this time, but one of them put his head down and pushed her across the field, which she didn't like at all.

Thursday 5 March 2015

Your lifestyle

I've had a couple of calls from these people. The first one was by a chap called Carite Care, and we spent several minutes with him spelling out his company name and has own name, so I think I got it right. Then we got down to the nitty gritty - he wanted a few moments of my time. When I asked him how many, I think he lost patience and hung up.

The second call was by a lady called Grace. Before she could ask me any questions, I started asking her. First her age - she's 32. Then I asked her socioeconomic group, A, B, C or D. She said A. Then I asked what city she was calling from, and she said "overseas". Yes, I said, I can hear that, but what city? "I'm not allowed to reveal that," she said. "OK," I said, "fair enough" and I hung up.

The scam is this. They want to ask you questions that reveal what you'd be good for as a sales lead, then they sell the lead on to a company that will, for example, try to get you to change energy supplier. Why is this a scam? Because I'm registered with the TPS, and they're not supposed to make sales calls to me.

But if they do, I regard them as a legitimate source of entertainment.

Petitions

I have an idea. Every petition should have, as well as a place for showing your support, a place for showing your opposition. This will lead to a more balanced and fair outcome.

For example; suppose you want to persuade whoever is persuaded by petitions (probably no-one, but maybe I'm wrong) that every petition should have a place to sign if you agreee, and a place to sign if you disagree. And suppose that only one person in a hundred agrees with you, and the other 99 are anti. By reaching 100 million people (for example, by using Facebook, or this blog) you would amass your million signatures. But the person receiving your petition would rightly ask "But how many people are against this ingenious idea?" 

By using this idea, you would be able to say "only one, and he's a bit of a scroat anyway". Without this idea, the 99 million against the idea are, effectively, disenfranchised, unless someone goes to the trouble and expense of organising a counter-petition.

 You can show your support, or otherwise, in the comments.

Wednesday 4 March 2015

Fliegles

When I got back from my last caching expedition, I had a lot of pain in both fliegles, but especially the left one. And I don't really understand why, because the route hadn't been very stressful on them, and there had been no bike lifting needed (except in and out of the car).

So I put the left fliegle in a neoprene bandage/strap, and the right on in another one, and left them on for as long as I could. So now, three days later, they're both feeling much better. But I'm a bit nervous about straining them again, so I'm going down to London today with ladysolly to hang out with the daughters, which will give the fliegles another couple of days rest and recuperation.

Tuesday 3 March 2015

Sir Cliff again - could it get worse?

How could it possible get worse? New revelations - "300 children were sexually exploited by gangs in Oxfordshire over 15 years" (the men jailed were Akhtar Dogar, Anjum Dogar, Kamar Jamil, Assad Hussain. Mohammed Karrar, Bassam Karrar and Zeeshan Ahmed) makes one wonder where else this has been going on. So could it get worse?

Our beloved government is planning to give five year sentences to social workers and teachers who fail to act upon suspicions of child abuse. Let's consider what the effect of that might be.

I try to imagine that I'm a teacher, or social worker. My first impulse, when this legislation comes in, would be to get a job as a programmer. Programmers don't get five years in prison for not doing their job as well as someone else thinks they should. The worst we face is publishing a buggy program, and possibly being fired. But what about people who can't get a different job, or who are imbued with enthusiasm for their vocation as a social worker? What will they do next time they see a child with a bruise? Here's the calculation - fail to report it and you risk five years inside, report it and if it's the result of the usual childhood knocks and bumps, then the likely result is a large waste of time investigating it (and remember, time spent checking into a bruise, is time not spent doing something possibly more important). Which means we'll need more social workers, because they'll be needed to investigate all the suspicions of child abuse.

And, of course, more children will be taken into care.

But care homes are prime stamping grounds for bad people looking for neglected children, because the adult/child ratio in a care home is likely to be much worse than in a parental home.

Or, to put it another way, this proposed new law could wind up making the situation worse. We can only hope that the politicians will think about this, and pour adequate funding into the social services and care homes. Funding that can only come from ... where?

Sir Cliff again

This is in relation to an alleged assault in 1985. And apparently, there is "more than one allegation", which I would guess, means two.

Let's leave aside the way that the police got the BBC involved in coverage of the original raid, which I think was very shabby. What I'd like to discuss here is the allocation of resources.

People agree that child abuse is a terrible thing, of course it is. And even if it happened 30 years ago ... hang on.

The problem is that of gathering evidence, 30 years after the date of the the alleged crime. If you asked me where I was or what I did on 3 March 1985, I wouldn't have the foggiest idea. Maybe if I'd been in Australia giving a talk on Antivirus issues, there would be documentary evidence of that, but I doubt it - I don't have the paperwork from 30 years ago, and I doubt if the event was important enough for it to have something about it somewhere on the internet. All I would be able to swear to is "I can't remember where I was or what I was doing".

That's why there's a statute of limitations. In most European countries, this is 12 years, with a maximum of 20 years for underage victims, I won't say what the limit should be, that's something for careful discussion and consideration. I just say that there should be a limit, because under current law in the UK, you can be prosecuted for somethnig you did (or didn't do) 80 years ago.

But now lets look at allocation of resources. And that has to do with how urgent and important a case might be. So what is more urgent and important, the 1400 victims in Rotherham that have only just come to light, or the possibility that Sir Cliff Richard did something bad 30 years ago? "It is hard to describe the appalling nature of the abuse the child victims suffered", said Professor Alexis Jay in her report on Rotherham; she said that South Yorkshire Police had failed to prioritise the issue.

And that's the problem. It's the allocation of resources. A team of police investigating an alleged 30 year old crime, cannot be investigating 1400 current crimes. Because here's what worries me. Was it just Rotherham? Or are there other similar situations that aren't being investigated because the necessary resources are pursuing 30 year old alleged offences?

Is your hard drive going to fail?

Yes, obviously. But is it going to fail in the near future? Maybe you think that's in the lap of the gods, and to some extent, it is. But there's a way of predicting future fails. It's called SMART, Self-Monitoring, Analysis and Reporting Technology .

I keep tabs on all my systems, by occasionally running "smartctl" on each of my drives.
That's a linux program, but I'm sure there's equivalents for Windows and Macs. That reports a whole bunch of things, but the one I look at is the "reallocated sectors count" (RSC).

When a sector goes bad, the drive cleverly marks that sector as "don't use it" and uses a sector that's in its special reserve area instead. Every drive I get these days, is SMART-enabled, and lets me read the RSC. And I keep a historic record of this.

Obviously, zero RSC is ideal, and if a new drive doesn't have zero, I'd return it under warranty. Maybe I'd accept one or two, but it's always been zero.

The drive will then go for years with zero RSC, but one day, you'll see one, or a few. This stays at that level for a while, then slowly inches up.

Eventually, it reaches a few hundred, and that's not good. You should start saving up for a replacement.

With a 1000 gb drive, at least, with the Maxtors that I use), 2047 is the maximum (Seagates have a larger RSC maximum). When the RSC gets to over 1000, that's a signal to me to replace the drive. It's still working, so it's easy to copy the data onto the replacement (I use rsync, but there's probably Windows and Mac equivalents), and dispose of the old drive. I wipe the hard drive by writing zeros over the whole drive, then I put them into caches; I always carry a drive in my bike saddlebag for when I encounter a sufficiently large, and dry cache to put it in. These days, that's not common, maybe one cache in 500 or more?

Other drives have other limits. I had a 3000 gb Seagate drive that had and RSC of 31368 - as soon as I saw that, I replaced it! Another 3000gb drive had 40736. A Seagate 1000gb had 4012 - it went from 45 to 4012 in ten days. That's another signal; if the RSC is changing rapidly, be warned.

A Seagate 750gb drive had 4010 RSC, a Seagate 2000gb had 19456. I've never found a source that would tell me the maximum number for each type of drive.

So what happens if you go on using the drive?  It will run slightly more slowly, because the drive will have to do extra seeks to read those reallocated sectors. But eventually, there will come a time when the drive can't read a sector, despite many retries. And then it won't be able to read a few sectors, and then it won't be able to read many sectors, and then you have a nearly failed drive, with some unreadable files. and that will, of course, get worse and worse.

Of course, drives also fail suddenly. I had that recently; I was replacing a drive that had more RSC than I was happy with, and when I started the computer up again, the system drive failed. Totally. Not a big deal, it just means that I put linux on a new drive, because for all my big computers, the system drive is separate from the data drives. So you should think that monitoring your RSC is a substitute for good backups!

So that's my policy. When a drive's RSC is above 1000, then it's time to replace the drive.

Sunday 1 March 2015

Halfway along the Essex Way

Another slice of the Essex Way today. As usual, I took the bike so that I could bike back along the roads. I did a few extras along the way. This bridge isn't as rickety as it looks.


In Coggeshall, I found this shop:


I did the halfway puzzle cache; fortunately, I've been keeping the info that I've been gathering along the way, you never know when it might come in handy. But the puzzle was very nice and unusual; I've not seen a puzzle like it before. I only had about half the information I needed, but I made some guesses and got all the information I needed. The final is *very* cheeky; a large cache in plain sight of all muggles, yet unlikely to be muggled. Very nice! I left a 2tb hard drive as a swap.

57 caches completed today.