Pages

Wednesday 30 December 2015

Center Parcs Wifi

So here I am at Center Parc, blogging via their wifi.

Unlike the Eurodisney wifi, it's a good one. I just fired up my browser, their system welcomed me, and then got out of the way. I can use http and ssh, which is all I need.

Unlike Eurodisney.

When we went to Eurodisney, they decided to censor their guests, so I couldn't reach the servers I needed to log into. I complained, to no avail, so I worked out a workaround.

Disney censors on the basis of domain names. So I set up a domain name on my hosts file, with the translation to the IP address I needed. The Disney censor let that through - what a puny censor. A proper censor would also censor on the basis of IP addresses. It's easy to do that if you're already censoring via domain name.

It reminded me of the time I tested censoring software for PCs. I installed it, and tried to use my computer as normal. But when I needed to buy some nuts and bolts, I went to my usual supplier for such things, and the censoring software blocked access. My usual supplier is "Screwfix". The software decided, on the basis of the word "screw" that it must be a porn site.

So, back to Center Parcs. We just competed in a "pub quiz". 90% of the questions were either sport or popular culture, and if the answer isn't 1966 or Britney Spears, I'm lost.

But one of the rounds was called "Maths" and great things were expected of me, as two of my degrees are in maths, and the other two are maths-related. The reality was disappointing for four reasons.

The first disappointment was that the questions were simple arithmetic, such as you can do in your head in a couple of seconds.

The second disappointment was a puzzle where the setter hadn't heard of BEDMAS which made the apparent answer nonsensical. Fortunately, there was someone there who said he was a maths teacher and pointed out that it was nonsense. Unfortunately, I realised it was a BEDMAS failure and was able to work out the right answer.

The third disappointment was another BEDMAS failure. Again, the maths teacher pointed out the failure; again I was able to work out what the puzzle setter should have doe, and got the right answer.

The fourth, and worst disappointment was that the quizmaster decided to award ten points for that series to everyone, whether they got it right (as we did) or not (a everyone else did). And so defeat was snatched from the jaws of victory and we got a very pathetic average score.

Oh well. It's only a game.

Tuesday 29 December 2015

People are good

When I get off the bike and start looking for a cache, I often lay the bike down. That's because on many surfaces, using the kick stand leads to the bike falling over, which can cause damage, especially to the gps holder.

Sometimes, a car will come alongside, and ask if I'm OK. This is because my bike looks as if I've had an accident, and I'm standing around looking rather random, because I don't really want a car driver to see me looking for a cache.

I perceive this as part of the innate goodness of people. They really are concerned that I've come off the bike and might be injured. I get this from both men and women, old and young.

So I say to them something like "Thanks for asking, I'm fine, I'm just haveing a short rest" and they go on their way.


Monday 28 December 2015

Hartley Heart Attack, part 7

A big bite today! I did as many caches as I am years old, cruising around East Hatley.

No DNFs.

Saturday 26 December 2015

Christmas presents

Walking boots. Toothbrush. Gloves. Pliers. Side cutters. Hand warmers. Warm merino mid-shirt. 2016 Calendar Challenge. ASBO t-shirt.

And about 50 books!

Merry Christmas

Ate too much. Laughed a lot. Ate some more. Played Pie Face.


Lost.

Thursday 24 December 2015

New alarm clock

My old travel alarm clock is analog, and although it keeps good tome, it's almost impossible to set the alarm time. So I thought I'd get a new one. My first stop was, of course, Ebay.

So I bought one of these.
It's £2.01; stuff is so cheap these days! I remember about 30 years ago, something like this would have been £100. 50 years ago, there was nothing like it; ther were only analog clocks. I find it hard to sleep with something ticking near my ear.

I avoided the usual Ebay switch-selling ploy. There's a lot of alarm clocks on Ebay that apparently cost 99p, but when you look, the 99p is for a clock with no alarm, and the alarm version costs £4.31. I really dn't like this switch-seling game, and avoid buying from people who use it.

Wednesday 23 December 2015

Hartley Heart Attack, part 6

I haven't been out for a while; I've been off with a pain in my heel, and I didn't want to make things worse by walking on it. But the pain seems to have gone. On the other hand, my left wrist is still weak. Fortunately, I didn't need to do any bike lifts today.

I did another small bite of this great series, followed by a circuit of nearby caches.

At one point, I had a big problem. I was going down a bridleway with thick hedging and woods on either side, and I came to a point where the way was totally blocked by a treefall.

I went back a few yards, and was able to force my way out to the field on the left, and I progressed along there until I rejoined the end of the bridleway.

39 caches done today, 2 DNFs and three caches that deserved a favourite point.

Tuesday 22 December 2015

British Gas - A/c No. 602131633 - New Account

It isn't from British Gas, of course. Or from Topsource.

From: trinity <trinity@topsource.co.uk>
Subject: British Gas - A/c No. 602131633 - New Account
Hi ,



Please refer to the attached invoice from British Gas, the account number on it is different
from all the account numbers that we currently have in the system. Can you confirm if this is a
new account so that we will create this in system.



Thanks & Regards,

Pallavi Parvatkar



Trinity Restaurants Accounts Team | TopSource Global Solutions | 020 3002 6203
4th Floor | Marlborough House | 10 Earlham Street | London WC2H 9LN | www.topsource.co.uk


And why would a British Gas invoice come from Trinity Restaurants Accounts Team?

SHA256:    4fd0c87920c10568e2f39b3a62c6a61956beb6c638531a651a7a94a551ced259

Jotti - 3 out of 21 flagged it; Ikarus, Kaspersky and Quick Heal.
Metascan - 2 out of 43; Baidu and Kaspersky
Virustotal - 3 out of 54; Fortinet, GData and Ikarus


Virustotal first saw it 2 hours ago. And that's why antivirus products don't flag the files that are sent via email.


Monday 21 December 2015

Two steps to better security

It's Christmas and I've just read my third "Twelve steps to better computer security" article. The authors are optimists. People don't care enough about computer security to take twelve steps - you'll be lucky if you can get them to take one. I'm going to be optimistic, and give you two.

1) Take backups. Your computer *will* fail; your hard drive *will* stop working; your phone *will* break. Did you think that hardware lasts for ever? You need a copy of everything important to you, in a different place.

2) Malicious software. I'd estimate that about 90% of the problem is incoming emails, 10% is web sites that want to take over your computer. I could tell you not to open attachments, but you won't listen. So change your settings in MS Word and Excel so that macros do not run. And install an ad blocker and a javascript blocker (I use uBlock Origin and NoScript)  in your browser.

Have a Merry Christmas!

The shortest day

From now, the days start getting longer, Hurrah!

Sunday 20 December 2015

Dead monitor

One of the LCD monitors that I use for a rolling display of time, temperature and server performance, died.

The Raspberry Pi suffered a kernel panic, and when I rebooted the Pi, there was no display. On investigation, it turned out that the monitor had died.

No biggie.

I remember buying a 12 inch CGA (320 by 200 pixels if you wanted four colours) for £400.
Today on Ebay, I bought a 17 inch 1280 by 1024 pixels, 16 million colours flat panel display for £18, including delivery.

 ... later ...

The monitor arrived. Although the title and description said that it had a DVI interface, it doesn't. I've emailed the vendor to see what can be done.

Saturday 19 December 2015

Father Zbigniew Kowalczyk's blunder

IIn a village in Italy, Father Zbigniew Kowalczyk explained to childeren the difference between Jesus Christ and Father Christmas. Somehow, the children got the idea that Father Christmas doesn't exist, and the parents are angry.

As well they might be.

Father Kowalczyk is wrong. There is no difference between Jesus Christ and Father Christmas. Both of them are imaginary friends based on the possible existence of real people; both of them know if you're naughty or nice, and both of them reward niceness and penalise naughtyness.

I think that telling children about Father Christmas is actually a good and important idea. It's right that very small children should believe and obey their parents - they won't survive if they don't. There are all sorts of ways you can get badly hurt in this world; cars, electricity and fire for example. But as children get older, it's even more important that they gradually learn to think for themselves, and there must come a day when they leave home, and cannot rely on their parents for all guidance.

At the time when children begin to suspect that Father Christmas isn't real, they come to realise that their parents aren't entirely straight with them about certain important things, and just as one invisible friend turns out to be fake, so do others. It's the beginning of thinking for yourself, and realising that not everything that adults tell you is true.




Thursday 17 December 2015

Double Your IQ With This Supplement

From: Doctor Oz Geniux <DoctorOzGeniux@renct.top>
To: drsollyp@drsolly.com
Subject: Double Your IQ With This Supplement

Forbes Called This Supplement Something That Can Make You "The Quickest Thinker On The Planet"

Discover Magazine's Senior Chief Editor checked this supplement and tested it for 4
weeks.
Look at what he found.


Improve Your:
- Concentration by up to 300%
- Creative Thinking
- Energy
- Memory Recall
- IQ Scores by 77%

-> FAST-ACTING FORMULA
-> MONEY-BACK GUARANTEED
-> FOCUS MEMORY ENERGY

Just one capsule a day. What are you waiting for?


Unfortunately, I'm already too intelligent to believe this. Also, I'd have to widen all the doors to get my head through.

Heresy! Light the bonfire!

Wheaton College is a fundamentalist Christian college in America (where else?). They've just put Larycia Hawkins on "administrative leave". Why?


Most of the articles I've read about this, show the picture above, and say things like "after she wore a hijab". Which implies that wearing the hijab was the cause. But it wasn't.

Here's what she said. “as Pope Francis stated last week, [Christians and Muslims] worship the same God.”

This, to a fundamentalist christian, is anathema. Heresy. She's lucky they aren't burning her - they stopped doing that quite a while back.

 A) Fundamentalist Christians do not believe that Allah and Jehovah are the same. Saying that they are, is heresy. Wheaton's dogma is that Jesus is god, and since Jesus isn't Allah, she's contradicting their dogma.

B) Possibly worse, is citing the Pope as a faith leader. Not to protestants, he isn't.

By the way, a worse thing she did, in my opinion, was to ask the Council on American-Islamic Relations whether non-Muslims wearing the hijab is forbidden. If I want to wear a scarf on my head, I will do so without consulting any faith group, and I will do it even if there's a faith group that regards it as forbidden. The rules for your faith, do not apply to me.

I think that Larycia is in the wrong. If she wants to teach at a fundamentalist Christian college, she has to conform to their dogma, just as if you want to be a catholic priest, you have to accept transubstantiation (that's the thing where a biscuit and wine actually change to become human flesh and blood). If you don't accept the basic doctrines, you can't be a priest, just as if you can't program in perl, you can't be a perl programmer.

I once met a chap who used to be a priest. He decided that it was all piffle (the way he put it, "I lost my faith") so he left and became a driving instructor. Good for him!

Larycia, you must recant, recant and abjure the devil and all his works. Then you can have your job back. And no mumbled  "Eppur si muove".

Or else go work for a proper college.

Bad grammar

Dear Amazon.com Customer,

During our usual security enhancement protocol, We observed multiple login attempt error while login in to your Amazon account .

We have believed that someone other than you is trying to access your account for security reasons,

We have temporarily suspend your account and your access to online Amazon and will be restricted if you fail to update



  Click here  

Appalling grammar. Don't let anyone tell you that it's a waste of time learning good grammar. If you ever get into the scam business, you'll need it.

By the way, the link leads to myverifawayzer.com. I didn't bother to go there.


Pi 2

I've been using a Raspberry Pi for email processing. I like using Pis for this sort of small job, they're low power and take up little space.

I have a computer that accesses all the different places that I get mail sent to - for example, I still have an AOL address! It's free, so there's no real point in cancelling it. The Pi uses fetchmail to pick up the email from these various places (using IMAP). Then it runs all the email through the spam filter I wrote (described elsewhere in this blog). Finally it sorts it into alphabetical order (I find that a lot more convenient than date order) and then I use alpine (a clone of pine) to read it. I use pine because it isn't accessed via a browser. It just shows me the text. This means that A) any malicious stuff that a browser would respond to, just doesn't happen, and B) the little invisible things that tell the sender that the email has been opened by a browser, don't work.

But sometimes I get such a flood of email that the Pi has trouble keeping up. That would happen if, for example, something goes horribly wrong with my comms, and I start getting 20 alerts per minute telling me that my servers can't be contacted.

Also, some emails need a lot of processing; for example when there's a lot of attachments (and sometimes I do want to look at attachments).

So I've replaced the Pi with a Pi 2, with twice as much memory and (according to what I've read) six times the processing speed.

It would have been nice to just take out the SD card from the Pi and put it in the Pi 2, but the Pi uses a full size SD card, and the Pi 2 uses a teeny tiny SD card. So I had to load the new card up with all the necessary processing software, which wasn't too bad.

apt-get --assume-yes install sendmail
apt-get --assume-yes install dcfldd
apt-get --assume-yes install rdate
apt-get --assume-yes install vsftpd
apt-get --assume-yes install samba
apt-get --assume-yes install samba-common-bin
apt-get --assume-yes install rsync
apt-get --assume-yes install espeak
apt-get --assume-yes install sox
apt-get --assume-yes install alpine
apt-get --assume-yes install fetchmail
apt-get --assume-yes install nfs-kernel-server nfs-common rpcbind
apt-get --assume-yes install apache2  
apt-get --assume-yes install bind9  bind9utils dnsutils
apt-get --assume-yes install dnsmasq
apt-get --assume-yes install lighttpd

And then LockFile-Simple-0.208.tar.gz  Mail-Procmail-1.08.tar.gz  MailTools-2.12.tar.gz

Also perl5/URI, perl5/Lingua, lame and mary (for text-to-speech)

It's all working fine.

Another malware

Date: Thu, 17 Dec 2015 16:40:00 +0800
From: Leona Shields <ShieldsLeona93@kotopo.net>
Subject: 12/16 A Invoice

Hi,
Please find attached a recharge invoice for your broadband.

Many thanks,
Leona Shields



The from-name and from-email address is different each time.
 SHA256: a93233dea9b85c139562ee6ccfcbfe787105e721e6a1f1961e4c031d211a9b99 File name: invoice18216191.doc

This says that it's a doc file, but actually it's a mime-encoded mso (Microsoft office) file.

Virus Total: 52 products pass it as clean
Payload security: Thinks it's a text file, won't scan it.
Metascan: Preventon flags it, 41 products pass it as clean
Jotti: Flagged by Kaspersky, Sophos and Quick Heal,  18 products pass it as clean

 Virus Total first saw it 20 minutes ago.

The reason so many products pass it as clean will be partly because it's only arrived so recently, and partly because of the cunning mime-encoding. I'm guessing that Windows Word will automatically decode and load it (if it didn't, there would be no point in emailing it out.)

Update a few minutes later ...

VirusTotal says that Sophos flags it as CXmail/OleDl-A

Wednesday 16 December 2015

Slight nose bleed

It's ages since I've had a nose bleed. I don't know if I'm particularly prone to this, because I don't know how often other people get this. It was only a few drops, and I caught it on a tissue. Wow, it's so red! A lovely colour.

But not something I want to see.

The non-arrival of the boots

I ordered a pair of boots from Amazon. Or rather, it was from a vendor selling via Amazon. I ordered on the 20th November, they should have arrived by December 1, but they didn't. I gave them a couple more weeks, then contacted the vendor, explaining the problem.

They said that it had got lost in transit, and sent me a form to fill in and sign, so I printed it out, filled it in, signed it and emailed it back, asking for a replacement.

We'll see what happens next. Fortunately, I'm not in a hurry for these, they're to replace my spare boots which have developed a small fault.

 ... later ...

The boots had arrived, and I'd forgotten. So I've emailed the vendor to tell them not to send a another pair.

... later ...

Urghhh! Amazon have just emailed me to tell me they've given me a refund. I didn't ask for a refund. My whole correspondence has been with the boots supplier, and they already emailed me to say that they were pleased that the boots have arrived. So I've emailed the seller to try to sort this out. I have the boots, I don't want the seller to be without payment!

Vatican souvenir shops caught selling fake papal blessings

You have to love this. Some naughty moneymakers have been selling fake papal blessings.

It's appalling. Shops selling medicine promising that god will cure your cancer, dishcloths with an image of the virgin Mary (taken from an actual photograph, I suppose), and, worst of all, fake blessings.

Don't they realise that fake blessings are less powerful than real blessings? Fake indulgencies that claim that they'll reduce your time in purgatory, won't actually have that effect - and may even *increase* your time in purgatory?

Real blessings cost from $10 to $25, and they really have been blessed by the pope, making them really really holy, and ...

No, I can't do this any more, I'm laughing too hard.

Look.

I'll bless you, it's free. Just post a comment to this blog. And you get a cast iron guarantee that you won't have to spend any time at all in purgatory.

Left wrist, right heel

My left wrist is getting better and better, although it's still not up to lifting heavy weights, such as a bicycle, as I discovered last week when I went out caching.

On the other hand, my right heel has deteriorated considerably; so much so that I've decided not to go out caching tomorrow.

Tuesday 15 December 2015

More PCIDSS fun

It was time for my quarterly security check for the PCI DSS. So I set up the scan.

Several hours later (it usually takes under an hour) the result came back: FAIL!

Urghh. This means work for me. The problem was the version of OpenSSL that I was using, it was 1.0.2.d and a recently discovered vulnerability meant that I should be using 1.0.2.e

This keeps happening. Pretty much every time I do my quarterly scan, another vulnerability has been found in OpenSSL, and I have to get the most recent version, download it, compile it, rebuild my copy of Apache (the web server) and reinstall it.

It passed the retest, hurrah!

Now think of this.

1. 80% of companies are not PCI DSS compliant. Of those that are, each time a new OpenSSL vulnerability is discovered, there's a window during which most web sites using OpenSSL are vulnerable.

2. Why are there so many holes in OpenSSL, a program that is key to the security of a truly vast number of web sites?

3. When I interrogate Paypal and look at the header, the first think I see is "X-Recruiting: "If you are reading this, maybe you should be working at PayPal instead! Check out https://www.paypal.com/us/webapps/mpp/paypal-jobs" which is really funny! I also see this: "Server: Apache".

4. When I look at my server, I see: "Server: Apache/2.4.16 (Unix) OpenSSL/1.0.2e". Maybe I should tighten that up and be more like Paypal? Is there any good reason why I should let the world know what version of Apache and OpenSSL I'm using? So I edited the Apache config file, and added "ServerTokens ProductOnly", and now my server responds with "Server: Apache".

And now I'm retesting the server, to be sure that the PCI DSS tester is OK with that.

There's another open source SSL implementation, LibreSSL, but it's only been around for a year or so, I think I'll wait and see.

And, by the way, governments are asking for there to be backdoors in encryption systems.

I boggle.

Monday 14 December 2015

The Gtech ebike

I've seen the advert for this before, but today, ladysolly drew it to my attention.

"Would you like one of these?"

"No."

And I read the advertisement. It's reduced from £1695 to £995, but even at that lower price it doesn't look like a good buy.

I checked their web site. It's a bit short of technical details.

It doesn't tell me how powerful the motor is. 250 watts is the standard, but it might be 200, or even less, there's no way to tell.

It doesn't tell you the capacity of the battery. The standard is 10 amp-hours, but it could be less, there's no way to tell. It says it's a "powerful 36v battery", but that tells you nothing about the capacity.

There's no gears. Hilariously, this is presented as an advantage! "There are no confusing gears to worry about." I don't find gears "confusing", but I do find that they help a lot in going up hills.

There's no chain, instead it uses a belt, which it calls "a clean carbon belt drive" by which I'm guessing it means a carbon-fire reinforced synthetic rubber belt. This is also presented as an advantage "there is no oily chain". I don't see that as much of an advantage, if any.

There's no suspension, front or rear. There's no rear carrier rack.

There's no mudguards. If you use this bike on a wet road, you're going to get mud spattered on your back and thrown up into your face.

But the worst feature is surely the price of £995. I just went on Ebay; you can get a new electric bike for £459 with 6 gears, front suspension, mudguards, rear carrier rack, 36V 9AH battery driving a 250 watt motor.

Or a new folder for £474 with 7 gears, front and rear suspension, no mudguards, front and rear disc brakes, 36V 10AH battery driving a 250 watt motor.

Ebay is a great place to buy stuff. If you buy something that's advertised in the newspapers, guess who is paying for that advert.

Sunday 13 December 2015

Education, form 5G

 So I was 14 at the start of the school year (1963-4).

The big thing about the fifth form, was O levels at the end of the school year. I had done the easy ones last year, so this year I had Technical Drawing, Latin, Geography, History and Additional Maths. Technical Drawing would be a doddle, I knew, which was the only reason I did it. 50% of the marks would be for geometry, which is maths, and I'd probably pass on those alone, with extra marks for drawing plans and elevations. I think I got an A. I got an A for Additional Maths, of course. Latin wouldn't be so easy, but I worked hard on that and managed to get a C. Geography was another C, but History was an H. H for Horrible. It was the lowest grade possible, and it didn't surprise me at all. I just could not understand what it was all about.

During the year, we did lots more calculus, both differential and integral, and I lapped it up. I also did stuff not on the syllabus - matrices and quaternions, for example, just because I enjoyed it so much.

In chemistry, we did analysis, which was great fun. You were given a small amount of "something", and by doing various tests, you had to work out what was in that "something". This also let us practice the skills of titration, weighing, filtration, solution and so on. Of course, I was already doing all that in my home chemistry lab.

In physics we did sound, pendulums, lenses and heat transfer. I learned to write up an experiment, which unfortunately reinforced the rather stultified writing style that I'd learned in English classes. In my view, at school I wasn't taught how to write, I was taught how not to write. It was a decade or two later that I learned how to write. But in physics, we were told to use the passive voice, to use long latinate words in convoluted sentences and to generally write in a very obfuscated way.

It was that year that I saw my first digital computer. It was a Pegasus, all valves, and I remember seeing it, but we weren't allowe to actually do anything. I felt a strong tug, though. That looks like fun! At that point, though, I didn't know it was to be my destiny.

In electronics, I added a couple of transistors to my crystal radio, which meant that I could play the output through one of the speakers that I'd salvaged from a dumped TV. I also made a multivibrator circuit, which I developed into a musical instrument that I could play by using my grip on a wire to change the resistance and hence the frequency.

And I got my first job. A cousin of mine told me about it. I applied to Zetters, the football pools company, for a job. I worked Saturday evening and Sunday, and it paid really well, I think I got £2 18 shillings for the Saturday, and even more for the Sunday. The work was pretty tedious, but not long after I started, I took their exams to move up from grade 4 to grade 3, which meant more interesting work (and a pay rise). Eventually, I passed the grade 1 exam (I remember I scored 100% on it), which tested my knowledge of permutations and combinations, which is maths, of course, and therefore not difficult for me. As a grade 1, I got the most interesting (i.e., difficult) work to do.

At school, we were in the remainder of the fire-damaged school, plus some prefabs that they put up in front of it. The effect of this was that things were pretty normal, as far as education was concerned. All the labs were intact, fortunately. And the gym, unfortunately.

Grocers was an all-boys school, and during this year, I turned 15. Girls were no longer a species to be avoided, but an interesting mystery that needed to be investigated. So I joined Habonim. This is a Socialist Zionist Jewish youth movement, but I didn't care about the politics. We learned Israeli songs and dances, played various games, did night walks and received a smattering of indoctrination, and suddenly, without my realising it at the time, history came into focus. When history was about the Tudors and the Stuarts, I couldn't see the point, but when I learned about the Holocaust, is seemed a lot more relevant. I didn't learn much about girls.

The objective of Habonim is Aliyah, emigration to Israel. I went to Israel Camp a couple of years later, and I greatly enjoyed six weeks touring around the country in the back of a truck, plus a couple of weeks spreading manure on a farm, but by then, I knew that I didn't want to be a farmer. Plus, I didn't like the heat, and I'm rubbish at learning languages (my poor efforts at French and Latin taught me that).

At the end of the year, we had to choose what we'd study in the 6th form. The choices were: maths, biology, economics and arts. In my view, biology was just messy and led to medicine, arts were for people who couldn't even do biology, and economics were for the complete failures. I, of course, chose to go into Sixth Maths Lower. I wanted to do maths, physics and chemistry, but they told me I could only do two out of those three, so I reluctantly dropped chemistry.

Friday 11 December 2015

The cost of PCI DSS non-compliance

I just got a letter from Worldpay (they used to be Natwest).

"we're removing the monthly additional PCI DSS service charge fee for customers who have been non-compliant for a period of 12 months or more".

So what is the incentive to jump through the hoops to become PCI DSS compliant?

As of 2014, 80% of companies fail their PCI DSS compliance. And that's a *minimum* standard.

In the last 10 years, not a single payment card breach was with a company that is compliant. That's mostly because as recently as 2012, 92.5% of companies were non-compliant.

I've been compliant since 2008. I assumed, back then, that everyone would be compliant within a year or so. I was wrong. I'm *still* in a minority.

The users don't care, the companies taking credit cards don't care, the banks that accept these billings don't care and even Visa and Mastercard don't care. The credit card system is insecure because there's no-one who has an incentive to make it secure.

And my letter from Worldpay just made that worse.




Black cab blunder, part 3

On 11 October, I was taking on a very roundabout route by a licenced black cab. I complained about it to Transport for London, and TfL has replied. The driver has apologised, and sent a £20 postal order in compensation.

Yesterday, ladysolly was in London, it was raining, her hip hurts, and she couldn't find a black cab - that's often the case, because when it rains, demand shoots up.

We're signing up for Uber.

Thursday 10 December 2015

Emailed malware

In the last few weeks, I've discussed the problem of emailed malware, and how antivirus software fails to deal with it. But how common is it to receive emailed malware?

I collected them over the last couple of days. Here's the list:

      1 Yesterday Beatrice Day                    (8K) Your order #00520531 - Corresponding Invoice #0DD18F61      
      2 Yesterday Fred Chapman                    (8K) Your order #06969392 - Corresponding Invoice #7D22CECB      
      3 Yesterday Patricia Nielsen                (8K) Your order #23564758 - Corresponding Invoice #9ECC81F9      
      4 Yesterday Raleigh Ramirez                 (8K) Your order #17927188 - Corresponding Invoice #15090A24      
      5 Yesterday August Buck                     (8K) Your order #11281247 - Corresponding Invoice #B15570B7      
      6 Yesterday Lucile Patrick                  (8K) Your order #36670299 - Corresponding Invoice #D720B32F      
      7 Yesterday Philip Cross                    (8K) Your order #52273081 - Corresponding Invoice #14812231      
      8 Yesterday Ken Stokes                      (8K) Your order #84419925 - Corresponding Invoice #8A627398      
      9 Tomorrow  Coreen Landsberg                (4K) RE:Gavel_Billing Statement 1531                             
     10 Tuesday   E-ZPass Manager                 (6K) Indebtedness for driving on toll road #000751095            
     11 Tuesday   Christina Fields                (6K) Invoice #06117501                                           
     12 Yesterday Felecia Crane                   (8K) Invoice #06187586 from DataCorp Inc.                        
     13 Yesterday Lessie Hatfield                 (8K) Invoice #06397785 from DataCorp Inc.                        
     14 Tuesday   Malinda Bass                    (6K) Invoice #39613387                                           
     15 Yesterday Gladys Whitfield                (6K) Invoice #42455721                                           
     16 Yesterday Tyrone Fisher                   (8K) Invoice #52469573 from DataCorp Inc.                        
     17 Yesterday Rudy Guthrie                    (8K) Invoice #55206934 from DataCorp Inc.                        
     18 Yesterday Earl Stout                      (8K) Invoice #61079463 from DataCorp Inc.                        
     19 Yesterday Murray Bowers                   (8K) Invoice #64591706 from DataCorp Inc.                        
     20 Tuesday   Gregg Booker                    (6K) Invoice #91133293                                           
     21 Tuesday   Juana Oconnor                   (6K) Invoice #93853550                                           
     22 Tuesday   Krystal Harding                 (6K) Invoice #CS-00261765                                        
     23 Tuesday   Millicent Pratt                 (6K) Invoice #CS-15139904                                        
     24 Tuesday   Lucy Bray                       (6K) Invoice #CS-25255384                                        
     25 Tuesday   Jaclyn Maddox                   (6K) Invoice #CS-40095963                                        
     26 Tuesday   Tia Baldwin                     (6K) Invoice #CS-49390463                                        
     27 Tuesday   Erna Craft                      (6K) Invoice #CS-99757019                                        
     28 Tomorrow  Cornelia Roshia                 (4K) Munsen_Statement 3828                                       
     29 18:01     Violet Raymond                  (6K) Payment Nr: 18568743/490056D0                               
     30 16:44     Mai Raymond                     (6K) Payment Nr: 31791500/0DD06850                               
     31 Tomorrow  Lindsey Clay                    (6K) Payment Nr: 50312964/F53EF071                               
     32 15:23     Wendy Woodward                  (6K) Payment Nr: 78514869/F7A71FD4                               
     33 22:32     Robbie Melendez                 (6K) Payment Nr: 90182720/C91F7FF0                               
     34 Tomorrow  Ola Avila                       (6K) Payment Nr: 92379516/036BA837                               
     35 20:48     Earnestine Barber              (11K) Payment Request, Ref. nr: 03412420/2015                     
     36 17:19     Briana Kennedy                 (11K) Payment Request, Ref. nr: 17542395/2015                     
     37 10:23     Effie Walters                  (11K) Payment Request, Ref. nr: 20612581/2015                     
     38 12:09     Saundra Vargas                 (11K) Payment Request, Ref. nr: 25227726/2015                     
     39 18:37     Ashley Bates                   (11K) Payment Request, Ref. nr: 74148612/2015                     
     40 16:00     Winifred Lang                  (11K) Payment Request, Ref. nr: 99939309/2015                     
     41 10:03     Hilda Sawyer                   (11K) Reference Number #05888572, Last Payment Notice             
     42 11:43     Ladonna Roach                  (11K) Reference Number #33676317, Last Payment Notice             
     43 11:51     Roy Cochran                    (11K) Reference Number #35689361, Last Payment Notice             
     44 11:57     Zack Monroe                    (11K) Reference Number #60252245, Last Payment Notice             

     45 11:15     Janet Mcdonald                 (11K) Reference Number #99478023, Last Payment Notice             

This is not a rare problem.

Iced bun

I had an iced bun for my tea today.


This is my favourite sort of bun, eaten while drinking a large mug of coffee. Ladysolly gave me one for when I was out caching yesterday, and she left another one for me today.


The tide turns?

The Archbishop of Canterbury has said that he believes the “tide is turning in this country” for the Church.

The tide is still going out.  The Church Times says so.

Bike maintenance, computer maintenance.

I've ordered a replacement for the pannier that fell apart, it should arrive in a few days.

Then I pumped up the tires - that turned out to be more difficult than I expected. I have three electric pumps. Two have their own battery (they are the kind of box that is a 12 volt battery with jump starter leads, plus a lamp, plus a tire pump), the third is stand-alone.

One of the ones with its own battery is broken - it just goes "Wheee" when I use the pump. The other one with its own battery didn't work, because the battery was discharged. That's worrying, because that's the one I carry in the car as an emergency starter and tire pump. So I put it on charge.

Then I plugged the one that doesn't have a battery, into the charged battery. The pressure when quickly up to 100psi, there was a bang, and it stopped working.

Um.

I have an old battery+pump. It's so old, the battery doesn't hold a charge. I dismantled it, took out the pump, and fitted it into the battery+pump with the non-working pump. And it worked! So I used that to pump up the bike tires.

I thought of buying a replacement pump-without-battery (£7 on Ebay), but then I thought, there's no point, I have two working pump-with-batteries. One is dated 2013, the other 2014. These tend to last about three years, so I'll buy another one in 2016 (about £35 on Ebay).

Next, the bike brakes. When I was out yesterday, I was finding that stopping was a bit iffy; I was having to put my feet down to help the brakes stop the bike, and that's not good! I checked the back brakes, they looked fine, but the front brakes were worn down, so I changed the pads. And I checked the rear carrier; all the bolts are tight. The rear carrier is really important for my bike, because that's what carries the batteries, repair kit and other equipment; there's about 25 pounds of kit there. It means that when I'm 10 miles from the car and I get a problem, I can fix it on the spot.

A quick squirt of oil in the chain and suspension spring (if you don't oil that, it makes an annoying squeaking noise as you bounce along), and the bike is now ready for my next trip out.

And now the computers. The computer hosting my malware cleaner stopped working. I nudged it, and it worked again for a short time. So I examined it more closely, and saw that the wire carring the power from my remote-control relay to the Raspberry Pi was cracked, so I soldered it and now that works fine.

The other computer with a problem was one of my secure servers. It was crashing. And when I rebooted it, it worked for a while, then crashed again. I opened it up, and noticed that the hard drive was too hot to touch, and I think that's a good test; if it's too hot to touch, then it's too hot. So I put it into a cooling bracket, so that an 80mm fan is constantly blowing air over it. That keeps it nice and cool, and it hasn't crashed since.


Wednesday 9 December 2015

Hartley Heart attack, part 5

Another slice of this great series. I did 51 caches today, including one I DNFed last time out, but I DNFed another one today. I found two more of the bonus codes, so now I have three out of (I think) six.

I had hoped to do an additional small loop of two dozen, but by the time I finished the 51, my back hurt too much to continue.

This series is going nicely.

A couple of problems while I was out. After the first few caches, my pannier split, so I went back to the car to get a spare. And then, about 2/3 of the way round, one of the bolts holding my rear carrier to the bike came loose and fell out. Fortunately, I carry a very comprehensive toolkit, including spare bolts! So I was able to replace it.


Tuesday 8 December 2015

American refugees

Here's a question - how many American refugees should we be willing to accept?

Two leading presidential candidates are Trump and Sanders.

Trump is a right-wing candidate who plans to turn America into a fortress, with walls to keep out Mexicans, and no entry for Muslims.

Sanders is a socialist, who plans to soak the rich, introduce a National Health system and level down incomes.

Either way, there's a bunch of Americans who will want to emigrate, and the UK is a likely desired destination, because Americans speak a similar language to English. But there's downsides to having too many Americans.

1) They'll want to bring their guns. So many Americans love their guns.
2) They'll push for theocracy. A lot of Americans think that their particular religion (usually one of the sects of Protestant Christianity) should be the law of the land.
3) When they discover that they can have their teeth done for free, they'll swamp our dental service.
4) They have approximately 365 mass shootings per year. That's not the British Way of having an argument.

We should start mid-Atlantic patrols, so that we can intercept boatloads of American migrants in rubber boats rowing across the Pond and send them back to New York. We need to set up internment camps, so that any that do reach our shores can be properly vetted before granting them possible refugee status.

So we should obviously place a limit on how many American refugees we should accept, and it's not too soon to start thinking about it.

Trump's trumpeting

Trump has declared that he wants to bar all Muslims from entering the USA. That includes US citizens. I'm not sure what his plans are for returning members of the military.

Lots of people are saying "How terrible" and "Sounds like Hitler". But what I'm saying is, "How?"

Let's suppose I decide to spend a couple of days in New York, where they have great food. Latkes (which someone told me is the same as hash browns, but ladysolly told me isn't, and she should know), salt beef (which they call corned beef, whereas in the UK corned beef is something completely different, so beware) and cheesecake (and here's another caveat; in the UK there's two sorts of cheesecake, the sort you get in New York, and another sort which is *completely* different and not very nice). But I'm getting digressed on the subject of food; let's get back to Trump. And let's suppose there's a "no-Muslim" policy in place.

Obviously, they could just ask me, "Are you a Muslim". And I'd say "No". But that's hardly proof, and it's what you'd expect a Bad Person to say. So how can I prove that I'm not a Muslim?

They could offer me a bacon sandwich, but I just love bacon sandwiches, so I'd happily eat it, although a religious jew wouldn't, thus proving ... nothing at all.

They could check for male genital mutilation, which I do have (at eight days old, I was too young to object), but I've read that a lot of Americans have this too.

All of these negative checks, aren't going to work. But what about a positive check? A positive check would be a proof that I was some non-Muslim religion - if I'm Christian or Jewish, I can't be Muslim, right? So how about a proof that I'm something else.

They could ask me for a recital of the Nicene Creed, which non-Christians are unlikely to know, but the problem is, I doubt if many Christians know it either. Nor do I.

They could ask me to recite the Shema, but I'd fail that, unless I was given time to learn it before the exam.

No - I just don't see how they'd do this. The hope is that by keeping out all Muslims, they would keep out nasty extremist terrorists; the difficulty is that a nasty extremist terrorist would pretend not to be a Muslim, and I can't see how you'd be able to tell the difference.

But there is one way.

Don't let *anyone* enter the USA, and if any US citizen leaves, don't let them back in.

That should do it.

Monday 7 December 2015

Latkes!

Yesterday was mixed.

It started out badly when my leased line went down at 2pm, and I spent the next five hours kicking Daisy to try to get some action. At 7pm, I had to leave because ...

At 8pm, we went to a Shiva. My wife's brother's wife's brother's wife's mother died, and for seven days, the mourners sit on low chairs, all mirrors in the house are covered up, and prayers are said at the house of mourning each day. And relatives visit to show sympathy and consolation. And, of course, eat.

So we drove to Bushey to the house of my wife's brother, and I was fed chocolate brownies until it was time to go. Then we went to the Shiva house, where I ate fish balls until it was time for the service.



The rabbi and I had the same hat; I call it my Rabbi Hat, and I wear it ironically. He wears his for real. Everyone else was wearing a yamulka. The women all went to the back of the room, the men at the front, and we spent what seemed to me to be a very long time reading the Shema, and Maariv followed by three times Kaddish, which is the mourners prayer.

Then ladysolly and I, her brother and his wife went on to a kosher restaurant. Ladysolly and I both had chicken soup with lockshen and kneidlach, which we both love. I followed that with salt beef, latkes and pickled cucumber, and finally my favourite dessert, New York cheesecake. I identify as atheist, yet gastronomically jewish. Ladysolly tried to buy some chopped liver to take away, but sadly the kitchen had closed.

We got home at 11pm, just in time to see the Openreach van with the driver checking the connections in the nearby green box, but that didn't fix my leased line; I called Daisy to tell them so.

I went to bed, but I got up at 3am, 5am and 10am to greet three more Openreach engineers, and the last one finally fixed the problem. So as you can see, I didn't get much sleep.

But anyway. Latkes. Even the thought of latkes cheers me up.

The Commission on Religion and Belief in Public Life

The Commission on Religion and Belief in Public Life has reported after two years of reflection, and it's a doozy!

- faith schools are "socially divisive"

Well, duh. That's the whole point of faith schools. Whoever thought that they were ever a good idea, should go visit Northern Ireland.

- cut the number of Church of England bishops in the Lords and give places to imams, rabbis and other non-other non-Christian clerics as well as evangelical pastors.

And to atheists.  Or, alternatively, why should clerics have a voice in our government?

- Thought of the Day on BBC Radio 4's Today programme should include non-religious messages.

Again, Duh. It's thought of the day, not prayer of the day. 

The coronation service for the next monarch should be overhauled to include other faiths

Good idea. I can hardly wait until a colander-wearing, pirate-costumed Pastafarian places the Sacred Spaghetti on the monarchs head, and anoints him with tomato ketchup.

The Church of England religionists are having conniptions at the thought that their establishmentarianist monopoly might be breached. But less than 20% of people in the UK say that they're Anglicans (in case you didn't know, Anglican is a synonym for Church of England. I think. Maybe there's subtle differences that I'm unaware of).

Half of the people in this country describe themselves as having no religion, and this proportion is growing. We need protection from the institutionalised religiosity, from the monopoly of House of Lords Anglican Bishops, and, most of all, an end to the divisive faith schools.

Openreach outage

At 14:20, my main comms line went down. And stayed down. 40 minutes later, I noticed and reported it to Daisy.

Nothing happened for a long time. I kept phoning Daisy to give them a prod, and eventually, at 11pm, (11 hours later) a van from Openreach was parked nearby, checking the green cabinet that my line goes through.

That didn't help, and I called Daisy again.

Openreach sent another engineer. He came here at 3am. He phoned, I woke up, and let him in.  So he started measuring voltages - he thought they were OK. Then he revealed that he wasn't the engineer for private circuits (which is what I have), didn't really know much about them and needed to call a colleague to talk him through what to do. He left without fixing the problem, and said that I needed another site visit from another engineer.

At 5am, the third engineer arrived. He first went to the exchange and swapped out a card, but that didn't help. Then he phoned, woke me up, and I let him in. He was confident that swapping out the BT equipment here would fix it - it didn't.So them he started measuring voltages, but he had an analog voltmeter, and it was clear to me that it wasn't accurate enough, so I offered him my digital voltmeter, and that revealed the problem. I was getting 116 volts on one line (it should be 120), but only 111 volts on the other, and 111 volts just wasn't quite enough.

We were losing five volts somewhere. Progess! So he went back to the exchange - maybe a fuse has eroded and that where the five volts is going? No, it wasn't.

At 10am, the fourth engineer arrived. He went up his ladder to the telephone pole outside my house, and saw the problem immediately. The screw terminal connection was corroded. So he snipped off the corroded copper, connected it with a compression-fit connector, and immediately my comms was working.

So I had an outage for 21 hours, because whoever fitted the line originally, thought that a screw terminal connection would be good enough.

I'm making an SLA claim for this.

Infamy

74 years ago today was "a date which will live in infamy". The Japanese attacked Pearl Harbour.

Britain had been fighting the Nazis since September 1939, and a year had been facing the Nazi war machine alone - joined in June 1941 by the Russians, after the Nazis attacked them. 

On December 7, 1941, the Imperial Japanese Navy attacked Pearl Harbour without a declaration of war. They achieved total surprise, sank four battleships and damaged four more. 2403 Americans were killed.

And so America joined World War 2, declaring war against Japan. They would most likely have followed up by declaring war on Germany, although that would not have been obvious - there was no clear reason for doing so. Fortunately, Hitler made is easy by declaring war on the USA. So, two years after WW2 started, the USA joined in, making the outcome certain.

We all know the outcome of that. The Russians beat the Germans, the Americans beat the Japanese and the British beat Italy.

On November 13, 2015, Daesh attacked Paris, killing 130 people. As a result, France declared war on Daesh. France is our neighbour and our friend. France is our ally, via Nato, via the EC and via the UN. On 20 November, the UN Security Council passed a resolution calling for decisive action against the "unprecedented threat" of The Islamic State by "all means" necessary.

The UK has, of course, already been fighting Daesh - the Iraqi government asked for, and got, our help in its fight against them. We were already bombing Daesh, or at least, bombing those parts of Daesh that are in Iraq. A few days ago, the UK parliament voted to also bomb those parts of Daesh that are in Syria.

I think some people are worried that by bombing Daesh, we're going to annoy them, and maybe they'll try to commit terrorism outrages in the UK. It's a valid concern. But we were already bombing them. In Iraq. And you don't deal with murderous savages by offering them tea and cakes.

There is a risk to the home front because we're stepping up out attacks on Daesh. But giving in to a bully is a much bigger risk, because the bully is still there, and will just ask for more.

The Paris attack will be Daesh's "date which will live in infamy".

Sunday 6 December 2015

A surge of spam

About a thousand spams arrived in the last 12 hours. The subjects include:

90% off Discount Software
Achieve every girl's bed fast
Are you ready to become immense for girls?
Are you ready to please your wife at night?
Buy Cheap Software
Cheap Software
Discount Software
Do you want to please your partner every night?
Hello!
OEM Software
The easiest way to gain more health
Vape-shop
Vape-shop N1

And the ever-popular:

わずか2秒でやんちゃな愛犬の言うことを聞かせる方法

This is about ten times as many as I usually get.

Friday 4 December 2015

Hatley Heart Attack, part 4

Another bite at this great series. Today the weather was good, but the ground was muddy, and it was the clingy bike-blocking sort of mud. So it took more out of me than usual. However, by careful route-planning, I was able to avoid most - but not all - of it.

I still managed to get 51 caches, but there was one DNF. And I managed to get one of the letters for the bonus!

Thursday 3 December 2015

How to address the US shootings problem



Many politicians seem to think that prayer is the answer. If it is, then it hasn't worked so far, but this might just mean that we haven't prayed enough. Mark 11:24, "Therefore I say unto you, What things soever ye desire, when ye pray, believe that ye receive them, and ye shall have them." Many other religions believe in the power of prayer, but the fact that it hasn't worked so far, might be because we've never set up a major project to try it.


I have an idea.

One of the great characteristics of humans, is tool usage. My proposal, is to apply that to prayer.

The computer is the obvious tool to use. We make one file which is a list of gods; as more gods appear, we can extend the list. Also, we would commission research to detect previous undetected gods - the various theological colleges would, I sure, be delighted to submit research proposals..

The second file is a list of prayers; again, as more prayers are developed the list can get longer. Employment could be found for many otherwise underemployed religious leaders in prayer development, testing and debugging.

The computer would combine each element of list 1 with each element of list 2; it should be possible to pray at the rate of at least a thousand prayers per second. This means 86 million prayers per day, and if that isn't enough, we can add more computers to the task.

The prayers would, of course, be sent to /dev/null, just like all other prayers.

Tuesday 1 December 2015

Hatley heart attack, part 3

Aother 60 done today, biking around a circuit plus a few extras. Two DNFs.

It was quite warm and it didn't rain, but it was pretty muddy.

One cache required me to creep across a makeshift bridge, then up a steep bank on the other side. Getting back was equally hairy!

On the way there, I got caught in a big traffic jam on the M25; as a result, I got to my start point an hour later than I'd planned. But the day went well, I did the 60 caches in five hours. I got back to the car at 4pm, just as it was starting to get a bit darkish, for lunch and coffee.

A good day out, and rather tiring!