Friday 23 December 2016

I lost some files!

And I don't know how. An entire directory seems to have just vanished, and I only found out when I tried to use one of the files in it.

So I went to my latest backup. It wasn't there either.  Because the latest backup was a backup of the computer without that directory. Huh.

So I went to the backup done 4 days ago. And there it was, so I copied it back to where it should have been. Panic over.

I actually have three sets of backups; one is done on the 1st to the 10th of the month, one on the 11th to the 20th and one on the 21st to the end of the month. The reason for this is exactly the scenrio that just happened.

Reorganisation of the office

Now that the new computer is working well, I wanted to incorporate it into my office, together with the two new monitors.

Once upon a time, there were two video standards, mono and colour-graphics (CGA). They were completely incompatible, it was one or the other. I used both (on different computers), because the mono was great for text, CGA was needed for games. A CGA monitor would cost about £400. CGA gave you 320 by 200 pixels, and four colours (choice of two sets of four colours). If you wanted 16 colours, then the resolution was 160 by 100.

And I played games on that!

Then along came EGA (vastly better colour graphics, also completely incompatible with the other two). 16 colours chosen from a palette of 64, resolution 640 by 350.

And then, at last, VGA.

VGA started as 640 by 480 pixels, but it gradually got better (1024 by 768) and better (1280 by 1024) and better; now you can run VGA at 1920 by 1200, which is really nice. And for all that time, which was about 20 years, the connector was the same. And I looked upon it, and it was good.

And now it's changed again. There's still VGA, but there's DVI, HDMI and Displayport, and some video cards now don't have VGA any more. Within DVI, there's DVI-I, DVI-D and DVI-A and the first two can be either single or double link. And the connectors are almost, but not quite, the same.

The Raspberry Pi has HDMI, and at least there's only one shape of connector.  And the latest interface is DisplayPort, which is supposed to be one standard to replace all the others, but (as always happens) it's just one more standard to worry about. The great thing about standards is that there's so many of them.

If you want to go above 1920 by 1200 (such as my new 2560 by 1440 monitor) you need to use something more modern than VGA. And there's so many standards now, it's become a pain again.

Also - I have a couple of switcher boxes that let me connect several computers to one keyboard, mouse and monitor. But they're VGA.

So here's how I ended up.

The 2560x1440 monitor is connected via DVI-D to my main workstation; I use that for everyday office-type work. The new computer (32gb memory, twin-xeon and a very high-spec video card) is connected via DVI-D to the new NEC Multisync 1920 by 1200.

And the other three computers are 1) the one that I use to run several terminals to various servers, 2) the one I use for updating GSAK and 3) my old gaming computer, and they are all connected, via the KVM box, to a 1920 by 1200 monitor.

So there's three mice, and they are all Microsoft optical mice, which is the best product that Microsoft ever sold. Two of the keyboards are IBM model M; more than thirty years old and still the best keyboard there is, and the third keyboard is a cheap clone because I do almost no typing on it.

And my office is now reorganised,

Thursday 22 December 2016

Excellent tech support

I was given Civilization 6 for my birthday, and I've been playing it on my old games machine. It's not fast. So I set up another machine, much faster, plenty of memory (32gb) and a really up-to-date video card (GTX 1050). And to my great disappointment, Civ 6 wouldn't run. When I started it up, it said "running" for about a second, then nothing.

I tried reinstalling, I tried this, I tried that, I tried the other; I tried everything I could think of - no result. Eventually, I tried to contact tech support.

Civ 6 comes from 2K, so I went to their web site to find a support number. I couldn't find a phone number, but they did have a form I filled in. I gave all the details that I thought they'd want, and I expected a reply some time in the new year.

But no! I got a reply almost immediately!

I'm guessing that it was a standard cut-and-paste reply - verify game cache, reinstall directx, reinstall vcredist ... and it told me *exactly* how to do each of those steps. The first two suggestions didn't help, but after the third suggestion ... it worked!

This is how tech support should be. Well done 2K.

New monitor part 2

And the NEC multisync has arrived. It does 1920 by 1200, it's bright and clear, and after I switched the on-screen display from German (I bought it from a German company, hurrah for the EU) easy to use. It cost a tidge under £60, which is an excellent price for such a good monitor.

Wednesday 21 December 2016

Terrorism by vehicle

How awful it was that 12 people were killed, apparently on purpose, by someone using a stolen lorry as a weapon. But actually, how awful?

To assess awfulness, we have to make a comparison, and the obvious figure to compare, is how many people were killed on the roads in Germany? In 2013, there were 3540 road deaths.

That's about 10 per day.

I have to say that this is a *much* bigger problem than the recent crime in Berlin. And that is why we need self-driving cars, and we need them as soon as possible.

Our legislators have to move urgently to create law on liability in case of accidents (because there surely will be some). If I'm a passenger, then I have no liability, but if something goes wrong, then it may well be that no-one is at fault (for example, if the car is struck by lightning), or that someone is at fault, in which case is it the car manufacturer, the software designer, or who? With that legislated, insurance becomes possible, and the costs can be built in to the price of the  vehicle.

The biggest incentive is the much lower accident and death rates we'll get when cars are driven by software that doesn't get distracted, doesn't fall asleep, doesn't drive while drunk and doesn't text on phones while driving.

And it should also be feasible to make it impossible to hijack a lorry and drive it into a crowd.

Tuesday 20 December 2016

New monitor part 1

The Hanns-G HQ271 27 inch monitor (costing £208) arrived. 2560 by 1440 of loveliness. Two 1280 by 1024 monitors aren't nearly as good as this. You can get them a bit cheaper if you order a similar monitor direct from South Korea, but I wanted this one ASAP.

It was pretty easy to install; the DVI cable that I have doesn't work with this monitor, it's got a slightly different pin set. So I used HDMI and that worked fine. I can't make the sound work, but I'm not bothered, I'll continue to use my desktop speaker.

It doesn't seem to have any way to adjust the monitor position, but fortunately it's pretty good as it is.

A video card also arrived, that's a GTX 1050 that I hope to use to play Civ 6 on. As soon as Civ 6 has finished installing (it takes dozens of hours, becuase it's downloading something huge) I'll try it.

And Catan has arrived, which is going to be our Christmas game.

Saturday 17 December 2016

Monitor problems

Troubles come in threes. Not always, but often enough.

This started a couple of days ago with a problem on the monitor on my games computer, a nice 1920 by 1200. It stopped working. I don't know why. So I swapped it for the monitor on my terminal server, the computer that I use for terminals to my various servers, and on the terminal server, I put a Dell 1280 by 1024, because it doesn't really need to be high resolution.

Then, today, I went into my office and all the pies had stopped working. That was a power supply problem. They are powered from the 12 volt line of a standard PC power supply (actually the same power supply that feeds my terminal server) and then via power-over-ethernet to a step-down card that reduces the 12 volts to the 5.5 that the pies like. I replaced the 5 amp fuse (the fuse hadn't blown, it was the fuse holder!) and they worked.

That same 12 volt line also powers my QX2710LED 2560 by 1440 display, which I use as my main working display. So that was out too, but when I got power back to it, it would no longer work. Maybe that's what caused the power problem. So I swapped it for another 1920 by 1200 that I had spare, an Edge 10. That worked OK ... at first. Then the display started to shake and shudder and soon became unreadable.

At that point, I'd run out of high resolution monitors.

So I put on one of the four Dell 1280 by 1024 monitors that I got recently, really cheap, and that worked fine, except that the resolution is only 1280 by 1024 and I'm used to a *lot* more than that on the screen. And with more on the screen at once, I work more efficiently.

Then I had an inspiration. My workstation computer has a VGA port and a DVI port. What would happen if I put a monitor on each port?

I can tell you what happens.

You fumble around quite a lot until you realise that the computer thinks that the monitor on my left is actually on my right, you swap the monitors over, and now it's almost like I have one very wide 2560 by 1024 monitor. If I click and drag something from the right monitor towards the left, it appears on the left monitor, and I have them butted side by side so it's very natural.

Still, I miss my 2560 by 1440, and I'm going to get another one on Ebay - they're less than £200. I've ordered a 1920 by 1200, £57, coming from Germany (hurrah for the EU, it means no annoying customs duties to pay and then a huge sum to Fedex for doing the customs paperwork). And I'm bidding on a 27 inch 2560 by 1440, but if I don't get it, I'll keep trying until I get one.

 ... later ...

I got outbid on the 2560 by 1440, so I've ordered a new one for less than the second hand one went for!

Thursday 15 December 2016

Beta vulgaris

I look down into the porcelain, and saw a colour you don't want to see there - red! Red as in blood, red as in danger, red as in oh my god, what's happening down where the sun doesn't shine?

Then I thought, ladysolly has been giving me baby beetroots in my salad recently, and my fingers have been stained that same colour.

So I'm going to avoid beetroot for a few days, and if the red goes away, I'll know it was only the beetroot.

 ... update ...

After a couple of days of my non-beetroot diet, the red vanished, and everything is nice and brown again. So no problem!

Text message

I was just updating my Flash player (they found another 17 vulnerabilities) yet again (I have to do this so often now, I have a script to do it) from version to version 24.0 r0 (huh?) when the phone rang. It was an SMS message, delivered via my land line.

I get very few SMS messages on my mobile, because I don't give out my mobile number to any Tom, Dick, Harry or spammer. The message told me the number it came from, and it wasn't a number I know, so I refused to accept it.

Uh oh. I foresee a blizzard to these in future. Thanks, BT.

So I called  0800 587525, pressed 1 then 5. That means that I can no longer get SMS messages sent to my landline.

And then I finished updating my Flash player.

Wednesday 14 December 2016

Another outing

Yesterday, SimplyPaul and I went caching. First we visited Wheat Hold Walk; 12 caches plus a bonus in a wood. Many of these caches were difficult to find.

One of the caches was by a bridge; we spent a long time looking for it before giving up. Later at the event, I spoke to the cache owner, and we'd looked really hard in exactly the right place, so it wasn't there.

At one point in this series, we faced a steep downhill which, I assumed, would have a stream at the bottom. It didn't, it had a deeply muddy area. Then, on the other side of that, there was a steep upslope, about 30 degrees. Plus it was about 12 inches wide, with a couple of feet sheer wall restricting the 12 inch gap. Going up that on foot would have been really difficult - going up with a bicycle was nearly impossible. Push the bike a few inches, move the feet a few inches, repeat, repeat, repeat, repeat, slide backwards a foot, fall over onto the brambles ... eventually I got to the top.

After we finished those dozen caches, which took more than two hours, we got back to the cars for lunch. Then we drove to Baughurst Common, and whizzed around on the bikes to pick up a bunch more. One of the best was a cache very cunningly hidden in a way I've never seen before (and I've seen 46000 caches). Sadly, we found the hide but the cache wasn't there. At the event afterwards, I talked to the cache owner, and he confirmed that we'd found the hide.

Here's something we liked as we biked around.

The top righthand window featured an animated Santa. The noticeboard at the front explained which charity it was supporting.

Then on to the event, which was the regular Cunning Cachers event run by the Teddies. It's a while since I've attended one of their events, and it was very good.

Wednesday 7 December 2016

Take our survey!

I'm seeing lots of spam asking me to take a survey. For example, I recently had one that claimed to be from Amazon, claiming to be a survey about "your recent purchase". Well, actually I have made a purchase from Amazon recently. It's coming up to Chrismas, millions of people will have done the same. I don't know what happens when you visit the "survey" site - nothing good, I'd guess.

Here's another one, apparently from "Star Bucks".

Complete the survey to unlock coupons and deals.

Notice the special spelling of "starbuckss". That's another link I'm not going to click on.

So how do you stop people from clicking on links like this? You won't do it by educating them - you can't even educate people not to risk their lives by texting while they drive. But here's a way to stop most of the unthinking clicks.

I use Alpine. Alpine is available for Windows, Mac and Linux. The great thing about Alpine is that it isn't a browser-based email system. This gives me several advantages.

1) Javascript can't run
2) Pictures don't display
3) I can't click on attachments
4) Any links in the email, can't be clicked on. I can tab to the link then press enter, but that runs Lynx, a text-only browser that doesn't do javascipt.

Occasionally, I do get a problem because it seems to be a universal assumption that *everyone* runs a browser-based emailer. I can get round that problem my doing a cut-and-paste of the link from the email to a browser.

More malvertising

A cunningly contructed exploit stores it's code in png files. It relies on javascript to extract and run the code.

That doesn't affect me; I run A) an ad blocker (and this kind of thing is the main reason) and B) a javascript blocker. Lots of people don't.

The adverts that you see when you go to a web site, aren't actually hosted by the web site that you visit; they're hosted by a third party, an advertising network. An ad network buys space on web sites, and sells space to advertisers.

But here's the thing. Lots of advertising networks allow their advertisers to include javascript code with their ads.


This is crazy - it's just asking for trouble.

There's a full description of the malvertising malware on the Eset WeLiveSecurity web site. But that's just one bad malware thing. There's plenty of others. That's why I run uBlock Origin to block ads, I block advertising sites via my hosts file and I disable javascipt using NoScript.

Sunday 4 December 2016

Shopping around.

I was tasked to purchase a Christmas present for grandson.1, a "Toys 'R US Fast Lane Radio Control FLX Nano Drone". I don't think he reads my blog yet, so it's safe to reveal this. So I went to the Toys 'R US web site, £29.99, plus £2.95 delivery.

Then I went to Ebay. Same thing, £19.99, plus £2.95 delivery.

And the funny thing is, that's also from Toys 'R US!

Thursday 1 December 2016

Brexit means ...

David Davis is the "Brexit secretary". He's said that we might be willing to pay the EU to get access to the single market. I'm guessing £350 million per week?

Boris Johnson, our Foreign Minister, has said that he supports freedom of movement (although he said that it isn't government policy).

So all we need now is harmonisation of regulations (already in place) and free movement of capital. And then we can leave the EU while keeping all the advantages of membership.

Truly, Brexit means ... um?

Sunday 27 November 2016

Lunch at Reubens

Every two years, the class of 1959, Grocers Company School, get together for a reunion. This reunion celebrated 50 years since we all left school. Of the original 105 children, 20 elderly men came to the lunch.

I had chopped liver, salt beef with latkes followed by lockshen pudding and coffee, with a bottle of wine to help it along. The talk was a mixture of catch-up on "what I did after school", "where is he now" and current events; it was an excellent lunch, and we're all grateful to the organisers.

I discovered something that I'm amazed I didn't know. I had thought that I was the only person in my year to go to Cambridge - I was wrong. Laurence Moody (a second cousin of Ron Moody) did English at Jesus. But A) at school we mathematicians, who regarded ourselves as la creme de la creme, didn't mix with the arts types, B) he was at a different college and C) there was no Jewish Society, although I'm not sure I'd have joined if there had been.

A great day out!

Saturday 26 November 2016

The nativity play

I don't think I've ever been to a Nativity before, although ladysolly thinks I must have. I have a poor memory, so maybe she's right, I don't remember.

I was invited to grandson.1's Nativity play. Naturally, I went.

We got up at 7am to get to London in time for the start. And because there's a major traffic obstruction at the junction leading to the nearest tube station, we had to go to Gerrards Cross train station to get into London, then a Taxi to St Michaels church. We arrived in good time, and joined the line of parents outside the church. For some reason (no room in the church?), they didn't allow us inside, so we all froze in the cold and blustery weather.

Ladysolly trotted off in search of coffee; I found a niche against a wall and tried not to think about my feet turning to ice. We'd arrived *far* too early.

Ladysolly came back with two large cups of hot coffee, which helped a little, then daughter.1 turned up, then daughter.2. Grandson.1 was inside the church, getting ready - he had a speaking part.

Ladysolly and I were huddling together for warmth, which helped a bit, and then they opened the church doors and we all went in; it was nicely warm inside. And impressive.

It's a huge building, with stained glass windows ...

and an organ ...

The audience was pretty big. I suppose they had a good idea of how many would attend, and the place was filled.

The play started. The heroes of the story were Sam and his friend Mouse. A dozen children filed down the aisle to the front and gave us the first song. They were dressed as Wild West cowboys, which slightly surprised me as I thought I knew the story, and cowboys aren't in it.  Because I don't think Wild West cowboys existed 2000 years ago, but hey, what do I know about this - other elements of the story are more improbable. So the cowboys sang a hoedown, and then Sam and Mouse explained that Sam's job is to keep the stable clean - he works hard and isn't appreciated.

The play progressed - short lengths of dialogue were interspersed by teams of kids, class by class, trotting down the aisle to deliver their song. Some of them were dressed as sheep, some as horses or camels,  there was an excellent team of angels and the story unfolded. Mary (well played by a little girl who I'm sure was jewish) and Joseph (who from his name Kei Endo would probably be japanese, so possibly Shinto) arrived at the inn and were told by the innkeeper (played by Vikramaditya and I'd guess Hindu?) that they were full, but they could have the stable. Sam's stable.

So they bedded down there, and I think I might have missed an important part, but suddenly there was also a baby (whereas in my experience it takes the best part of a day for a baby to appear), and Mary was uncomfortable because the hay was prickly so they went outside and saw a star, and that's when the three wise men (actually two wise men and a wise woman) appeared, with grandson.1 as one of them, carrying a huge gold brick.

The gifts were gifted (and a song sung) and Mouse had the idea of replacing the prickly hay with softer hay, so the family would be more comfortable. Hence the title of the play.

I suspect that the author of the play might have confused hay with straw. Straw can be prickly, but hay is dried grass.  But never mind.

The play concuded with the song "Christmas is for you", which I agree with, then the headmaster thanked the staff, the parents, the musicians and everyone else who helped for all their hard work. Then the vicar thanked god, who hadn't actually done anything, but I suppose that's the vicar's job.

After the play, we all went to the Science Museum, where I renewed my friendship with the Newcomen steam engine, Puffing Billy and the Rocket.

Thursday 24 November 2016


So here's the question. Should you tell your children that Santa Claus bring presents if they're good?

A recent article in the Lancet discussed this, without, of course, coming to any conclusion.

I think it's easy. Yes, you should tell your children that Santa Claus bring presents if they're good, because when they find out that you're lying, it teaches them the valuable lesson that not everything that other people say is true, even people in authority. And in particular, extraordinary claims require extraordinary evidence, and claims about invisible, immortal, all-knowing and all-powerful entities should be treated with a considerable pinch of salt.

This Christmas, give your children the gift of scepticism.

Another tech support scam

This one was slightly different.

The call was, of course, from David at "Windows Technical Department", a company that has often called me in the past. And it was about malware on my computer, of course.

I decided to play "upstairs, downstairs". This is the game whereby my phone is downstairs, but the computer is upstairs. No, I don't have a mobile phone. No, it isn't a laptop. Yes, I can bring it downstairs.

So David waited patiently for five minutes, then I spoke to him again to tell him the good news. I've brought the monitor down, now I need to get the big box. He hung on for another five minutes while I got the big box, then I asked him how to plug it all in. He explained that to me, and another five minutes passed while I did that, and I got back to him and he asked me to switch it on.

"I don't have a power point here. I'll have to get an extension."

Another five minutes passed while I did that, then I plugged it in. "Are you connected to the internet?" he asked. "No, the internet connection is upstairs." "Do you have Wifi?" "What's that?" "Can you connect to the internet now?" "Yes," I said, "hang on, I'll do that."

Ten minutes went by, with me giving him an occasional piece of encouragement, as I humped the computer, monitor and keyboard upstairs again. Then I proudly told him "OK, it's connected to the internet now." "What do you see." "Hang on, I'll go and have a look."

I think at this point he realised that we were back with the original "upstairs, downstairs" problem. He changed tack.

"What do you use the computer for?" "Oh, stuff," I said, vaguely. "Email?" "Yes" "Online shopping, Amazon, Ebay?" "Yes" "Online banking?" "No, that's too complicated for me."

He consulted with someone in his office. "We need to upload security to your system, we can do that via your IP address. It will cost you £2 for five years, and that will cover your computer even if you buy a new one." "Well, that sounds very reasonable, let's do it." "You'll pay with credit card." "I don't have a credit card." "Debit card?" "I don't have one of those either, can I pay you by cheque?" "The amount is too small for a cheque." "Can I pay you cash, then?" I'm kind of hoping he'll give me his address, but it didn't work. He's hoping I'll give him a credit card number to steal from, but that didn't work.

He hung up. I managed to waste an hour of his time, so that's a dozen other people he didn't try to scam. Caller ID said "01467646309" but that was fake, of course. However, if you google that number, he's obviously been a busy little bee.

Tuesday 22 November 2016

The night I met Tetris

It was 1991. I was working in the virus lab on a bunch of stuff sent in by various people.

Each candidate file got copied to my "infectable" computer, an old IBM PC clone without a hard drive. Then I ran the COM or EXE file. Then I ran my "goat" files, several tiny programs that only existed to get infected. Once one of more of them were infected,  A) I knew that it was indeed a virus, and B) I had the virus isolated in that infected file.

By a year or so later, I automated that process, using Novell Netware 2 to store the candidate files and feed them one at a time, as if from a hopper, onto the infectable computer, run the file, run the goats, filter off any that changed, re-image the infectable computer and on to the next candidate. It made things a lot faster and more efficient.

But in 1991, I hadn't automated things. So I ran the candidate file. And that was the first time I encountered Tetris.

Three hours later, I was still playing the game.

Friday 18 November 2016

Homeopathy doesn't work

You'll probably remember a few blogs here on this topic - ranting against the money that the NHS wastes on this, and against the support of this snake oil by Bigears. Well, the US government has decided to support me on this. In future, homeopathic "remedies" have to have a label that says "This product doesn't work" or similar.

I expect the vendors will find ways to wriggle round this, and consumers who don't bother reading the product packaging will continue to be duped. But probably the biggest way they'll get round this is by using the same method used by cosmetics and other advertisers; they'll truthfully use the "8 out of 10 cats" line, as in "8 out of 10 cats prefer Whiskas", or "reduces the appearance of wrinkles".

So we have to continue the struggle against snake oil.

Wednesday 16 November 2016

Another birther

You might recollect the rumour that Obama wasn't born in the USA. It was false, of course, but a leading light in publicising the rumour was Donald Trump.

Now there's a rumour that Trump was born in Pakistan.

This, of course, is also completely unfounded, and it's already been debunked by Snopes.

Did you know that the word "irony" isn't in Websters US dictionary? Or the word "gullible".

One more cache.

It was a suitably dark and windy night as I parked and set off. Not knowing exactly what I'd need at GZ, but knowing that I wouldn't want to trek all the way back to the car to get what would be necessary, I chose a wide selection of special equipment from the assortment that I usually carry in the car.

I read in the logs that a telescopic ladder would be useful, but mine is pretty heavy and I didn't fancy humping it half a mile. Instead, I took my grapnel and the rope ladder, as well as the reaching tool that extends my arm reach. I took a length of nylon rope and a strong magnet - some caches can be "cheated" by using a magnet. In case it was the kind of cache where you have to apply liquid to make the cache appear, I took a two litre bottle of water, and a strong head torch. And several other items, which I probably should not disclose here. I didn't bother with the ghost repellent, because, well, I don't believe in ghosts.

So I loaded up my rucksack (a wheelbarrow would have been helpful) and headed off into the night.

It was at that point that it started to rain.

But hey, I'm a cacher, a bit of wet doesn't discourage me. I pressed on.

By the time I got to GZ, the rain had turned to snow. Snow is both cold, of course, and wet, because when it settles on you, it melts. But hey, I'm a cacher, a bit of cold and wet doesn't discourage me.

I hurled my grapnel up into the darkness, and after a few tries, it lodged on something. Batman always gets his lodged first time - let me tell you that in reality, it isn't like that. So I tied my rope ladder to the grapnel, and started the ascent.

And then I saw the first lighting, and a couple of seconds later, heard the thunder. Sound travels about a kilometer in two seconds, so the the thunderstorm was a fair distance away, and I judged it safe to do the ascent.

I should have known better. Thunderstorms move, and this one was no exception. As I straddled a branch, I comforted myself with the thought that if it hit the tree, I'd probably be OK. Probably. At least I wasn't on that metal telescopic ladder! I reached for the cache, only to find that I was a couple of feet short. But I had my reacher tool! And with that, I was able to grip the cache and get it out of its niche.

And then I dropped it.

At GZ, the grass is long and the undergrowth is gnarly. And I was getting cold, wet and miserable. At least the thunderstorm had passed, so I was no longer worried about electrocution. And after a long search, I finally laid hands on the little blighter, and was able to sign the log.

The reast was easy. Or at least, it should have been. The grapnel was already in place, so getting up again was easy, and I used the reacher, careful not to drop the container, to place it back into its niche. And with that done, I sighed with relief - job done.
And it was at that moment that the owl, unused to human beings lurking in trees, flew past and complained "Woo Woo".

You remember I told you that I don't believe in ghosts? That's an evidence-based belief, based on having no evidence in favour. But when you're up in a haunted tree and something goes "Woo woo" in your ear, that isn't the time for careful reflection and the discounting of old wives tales.

Fortunately, I was already so wet from the rain and snow, that any extra liquid wouldn't show. I slunk back to the car, and drove home to a hot bath.


Out and about

I found a nice circuit just southwest of Milton Keynes, and invited SimplyPaul to join me in going round.

We parked at the village hall at Thornborough, and set off, on foot. We didn't go by bike, because the whole route was on footpaths, and I was expecting several stiles.

It went well, and we found all the caches; 22 in all, no DNFs. But by the time we got back to the cars, my legs were giving me grief, and I decided to wimp out of the second circuit.

Near the end of the circuit, we saw these great gates.

Tuesday 15 November 2016

The news

How can I find out what is going on?

The newspapers are all very obviously biassed. We used to take the Telegraph, but that deteriorated so much that only the Matt cartoon was worth reading. We take the Times now, but that's almost as biassed as the Telegraph used to be. I can't think of any other newspapers that might be useful.

Apparently, a lot of people now get their news from Facebook, a place where anyone can post anything no matter how incorrect. Or Twitter, which is the same but briefer.


I think that many people have a particular field of expertise, and you can compare what the media say, with what you know is right in your field. When I first did this 25 years ago, I was really surprised at how incorrect the newspapers were. And how shallowly they investigated, and how readily they believed random people. It's the same now, only worse, because it looks like the newspapers are getting a lot of their information from Facebook and Twitter. See above for what that does.

I suppose I have to accept that I can't know what's happening, and hope that at least I can get a good grasp on stuff that happened 50 years ago.

Monday 14 November 2016

NHS email

The NHS email system hit a rock today.

An unnamed IT staffer sent a test email to a list containing 1.2 million NHS employees. Some of those emailed back to the list with "please take me off this list" or "Did you make a mistake"; each such email resulted in another 1.2 million emails. And some people had "Acknowledge receipt" with mean that just reading that email sent another email.

You can imagine what happened to the email server. It's called an email storm. It's not easy to sort out; you have to filter out emails about the email storm and delete them unsent. It must have been a nightmare for the IT staff.

But what I'm wondering is, how was this even possible? How do you set up an email list of 1.2 million people; you aren't going to be typing them in one at a time.

And when you hit "send", why did the email system allow it through? If I were designing the NHS email system, I'd put an upper limit on the number of people that you could send an email to. Which would be less than a hundred.

Sunday 13 November 2016

Piqued, peaked and peeked.

I understand that I'm tilting at windmills here. But.

I really am fed up with the misuse of the phrase "piqued my imagination". It seems to me that hardly anyone gets this right. It's either "peaked" (18,100 hits on Google) or "peeked" (4,150 hits). I'm glad to report that "piqued my imagination" got 47,800 hits, so all is not yet lost.

At least "peaked" means "reached the highest point", and there's some excuse for getting it wrong. But "peeked" means "had a quick look at".

I have similar beefs with "loathe" and "loath", which mean *completely* different things. Also "diffuse" and "defuse" which also have very different meanings but are often confused. And "horde" and "hoard".

"Decimate" has completely lost its real meaning, and the words "disinterested" and "uninterested" appear to have merged.

Am I the only one who cares? Yes, I know that English words change their meaning, and "gay" doesn't mean what it meant 50 years ago. But I don't think that this is a mutation of meaning, I think it's just inadequate education and lack of care. If you're going to make the effort to use latin-derived and/or uncommon words, you should also make the effort to get them right. "Journalists" are the worst; if your profession is the use of words, you have an obligation to use them correctly. But in the era of blogging and online media, everyone seems to think they're a journalist.


I've pretty much given up on the difference between "due to" and "owing to", which it would seem that very few people can distinguish.

Thursday 10 November 2016

Not a great day

Today wasn't a great day.

FIrst, I had a call from TalkTalk (TT); my last invoice wasn't paid.

We investigated. The bank wouldn't honour the Direct Debit (DD), and they said that it was because the amount was greater than the funds in the account. But we run a "sweeper" account, and we have on occasion paid out more than in the account in the past; for example to HMRC. And because it's a "sweeper", there's funds in the account that is swept to/from, so the bank isn't taking any risk in honouring the DD. After a lot more talk to the bank, they retreated to a different reason; Talktalk used a DD number that hadn't been approved.


I've been paying TT by direct debit for a couple of decades now, because they were billing me for the DSL lines. But it seems that for the new 100 mbit line, they made up a new DD number and tried to bill that. When it didn't work, they didn't bother to tell me. And the bank didn't bother to tell me of a failed attempt to do a DD. So I explained to the bank that it would have been nice if they'd told me about what they presumably considered to be a fraudulent attempt to charge a DD against my account. And they told me that they don't do that. Which means that a random criminal can do DDs on you and you'll never know that there's any fraud being attempted. So this all came as a bit of a surprise.

After about two hours of phoning TT and the bank, we came up with a solution; I paid TT by credit card (which will cost them more than a DD would, but they seemed to be happy) and TT will set up a DD for the future.

Job done.

The next thing was a visit to the dentist. Last time I went, to patch up a chipped tooth (chipped on a plum stone, would you believe) the dentist took four x-rays of my teeth (top and bottom, left and right) and on examining them, she recommended two fillings and an extraction.

Fillings aren't too bad, but an extraction? Ugh!

Not as bad as it sounds. The extraction is for a fragment of tooth that was just floating free of the jaw. The first filling wasn't too bad, except she used the vibrating drill as well as the water jet drill, and that really isn't nice. The second filling needed local anasthetic, and because my jaw was totally numb, I hardly felt a thing (more vibrating drill). And then she did the extraction, using a tool that looked like a tiny spoon, followed by tweezers, and it was a small but very jagged piece of tooth that wasn't doing anything useful but could have caused a problem one day. So then I chomped on a wadding until the bleeding stopped, and I should be good by the time I have supper. She's a good dentist. And they're taking on more patients, if you live anywhere near Amersham, I can recommend Hill Avenue Dental.

The third thing was a penalty notice for ladysolly parking in the Chalfont and Latimer tube station car park. Fortunately, she had kept the receipt that the machine gives you. Actually, there's no luck involved; it's pretty obvious that it's a good idea to get and keep that receipt. So I took a picture of the receipt, logged in to the NCP web site and put in an appeal against the fine, on the grounds that the parking fee had been paid, and we had proof via the receipt. I don't know how they made that cockup. Computers, eh?

So, as I said, not a great day, but I do feel that in all three situations, I came out on top.
And tomorrow is my birthday!

Wednesday 9 November 2016

The bubble

Every post I see on Facebook is unhappy at the Trump victory. All of them. Yet I know that about half the people in the US don't feel that way.

This means that I'm seeing a *very* biased sample.  This means that I'm mostly out of touch with how Americans feel. That's probably not too important, since I don't live in America, but it's made me think. There's probably other matters where I'm in an echo chamber of people who think like I do. Brexit, for example.

But it isn't just politics. There's other subjects where I'm in an echo chamber - computer security, for example. Everyone I see posting on Facebook thinks that computers are very insecure, and that this is important. Yet I think that most people don't agree, or at least don't care.

Which echo chambers are you in?


My first post on the US election was about a year ago. I won't say I made a great forecast, because I didn't. I was sad when Hillary displaced Bernie, and I'm sad that the USA has made the choice they have, but it's their country, so it's their choice.

So now they have a Republican president, a Republican Senate and a Republican House of Representatives, which should mean that the Republicans get to do whatever they want. Plus they can appoint a strong Republican to the Supreme Court, which means that the Supreme Court might not be any kind of obstruction.

So what will they do?

I expect them to reverse everything that Obama did, of which the biggest was "Obamacare", the Affordable Care Act. Which isn't anything like the National Health services that we have in most Western countries, but was a kind of baby step in that direction. What will replace it? I would guess Trumpcare, which will be completely different from Obamacare and yet pretty much the same.

The Great Mexican Wall will mutate into some yards of actual bricks, but mostly a virtual wall of rules and regulations. The "Mexico will pay for it" will be implemented as some tariffs on imports from Mexico, which they will then claim is paying for the "wall".

The "total and complete ban on muslims" will mutate into a careful examination of immigrants (which, of course, they already have) and the "get jobs back into America" will turn out to be a tariff on goods from China.

There won't be a mass migration of Americans to Canada, because that was always just talk, and unless life becomes seriously awful in America (which I don't think it will) there will be no incentive to up sticks.

Things won't get better for the people who voted for Trump, because the forces that are killing manufacturing industry in America can't be Canuted out of existence.


Barclays ePQD

Barclays Merchant Services have an online system called ePDQ. When I want to do a refund, or if I want to check on whether a payment went through, I log into their system to see. Recently, they changed their password system.

Formerly, a password had to be at least 8 characters, of which one was numeric. And you had to change it each month, and you weren't allowed to reuse previous passwords for 6 months. Now it has to be at least 10 characters, of which at least one must be upper case, one lower case, one digit and one special character. And you can't reuse previous passwords for 12 months.

So I was happily cycling around 6 similar passwords; now I have to cycle around 12 passwords, and since there are 12 months in the year ...

So I complained. I complained about two things. A) I used to be able to search past transactions for the one I was looking for. Now, I can only search over a period of 30 days "to improve efficiency". But that doesn't improve efficiency, it reduces it. It means I have to do, for example, six searches instead of one. That's going to consume more of their computer time, and more of my time. B) The second thing I complained about, was Security Theater.

Security Theater is when an organisation does something that looks like security is improved, but actually it does nothing useful. Increasing the length of passwords, and adding special characters and so on, is useful against brute force attacks (where the password is guessed by trying all possible combinations). But a much better defence against brute force attacks would be to enforce a period of time between attempts to log in. So if you made a mistake in the password, you couldn't try again until four seconds have elapsed. If you get it wrong again, 8 seconds. Get it wrong again, 16 seconds. And so on. Or even, only allow three attempts, and you can't try again until tomorrow.

But brute force isn't actually how passwords get compromised. Compromise happens because people reuse passwords on multiple sites, or because they're asked to memorise such a long and complex password that they have to write it down, for example, on a post-it note stuck to the monitor. Duh.

A much better way to ensure security is to use two factor authentication. So, for example, on the HMRC site, I log in with my username and password, it sends a code to my mobile, and I have to type that code in. Two factors; the password, and possession of the mobile.

Another way to do this, is to issue the user with a small device. You log in, you get given a six digit code, you enter it into the device, it gives you another six digit code, you feed that into the web site. Two factors, the password, and possession of the device.

And that's what Barclays Online services do. I have the device, it's called a PINsentry. If Barclays Bank have understood this, how come Barclays Merchant Services haven't?

So I got called today about my complaint. The call started off badly, she didn't know my name. So I've been called by someone, I don't know who, all I know is they are claiming to be BMS, and now she wants me to reveal the information she needs to do the "security check". Naturally, I refused until she was able to prove to me that she really was BMS; fortunately she was able to do that.

So I've also requested that we use a password system so that next time I'm called by BMS, the caller is able to give the password that reassures me that she's not actually some scammer after my personal details.

Tuesday 8 November 2016


I first learned about Swarfega more than 50 years ago. And I can't remember how I learned about it, which probably means that it came from my parents, which probably means my father, although since he died when I was five, I'm guessing that there was a tin of it at home.

When you work on a bike or a car, your hands become black with oil and grease. Soap helps only a little; to get your hands clean again, Swarfega is the way. I suppose there must be other products, but Swarfega is the one I know about.

You get a splodge of it out of the tin (now a plastic tub, or a pump-action bottle) and rub it all over your dry hands. Then you rinse, and magically, all the greasy dirt rinses off.

There's also an orange version, which A) has a nice orangey smell and B) contains a sort of gritty gritness (actually bits of corn grit, and therefore biodegradable) that helps scrub your hands.

I use both. You can get it cheaper on Ebay.

I recently dismantled the hub gears of my bike; the inside grease had become black and sticky, and my hands were really filthy with it. Swarfega made them sparkly clean again.


Friday 4 November 2016

Apsley forest

I went out with SimplyPaul yesterday. We did three circuits; Charlie's 3rd loop, Charlie's 6th loop and Charlie's 4th loop.

By the time we finished the last circuit, I was cream crackered, and my back was hurting - the state of my back has been my limitation for a long time. But I'd solved the starting point for a night cache, and it had taken me a couple of hours to do the necessary jigsaw puzzle, so I really wanted to do it.

So we drove to the jumping off point, hopped over a stile and set off. I saw the first fire tack immediately, and that was a comfort.

Following the trail of fire tacks went well at first, but they weren't close together. And at one point, I missed the turn, and continued forward. Then I saw a point of light in the distance, and reassured by that, pressed on. I saw the point of light a couple more times, and we carried on. Then I saw the point of light move. And then a second point very close to it. It was a pair of points of light. A pair of eyes. A deer.

Cursing the deer, we turned back, and after retracing our steps, found where we should have turned off.

After that, we were more careful, and although we had to cast about at times, we found the trail, until eventually we found the final, which was, of course, not far from the starting point.

Then on to an event in Milton Keyes to meet lots of other cachers, old and young, old and new.

A good day out, with about 50 finds and 2 DNFs.

Wednesday 2 November 2016

The US election is increasing American stupidity.

I read "The Daily Beast", it gives me a very one-sided view of US politics. But this:

"Say you’re a Donald Trump voter and, with just six more rotations around the sun until Election Day, you want to contribute your hard-earned money"

I'm aware that many Americans think that the universe is 6000 years old, and that some think that the earth is flat. That the moon landing didn't happen and that 9/11 was done by the US government. But here's a "journalist" under the impression that the earth rotates around the sun?

Well, of course, it does. This takes a year. The US election isn't six years away, it's six days. This idiot thinks doesn't know that the apparent progression of the sun across the sky, is because the earth spins on its axis, not because it "rotates around the sun". And if there's anyone proofreading these articles, they didn't catch this bad idea.

Stupidity must be infectious.

Sunday 30 October 2016

Sitting Shiva

I had two deaths in the family recently. My great-aunt, aged 99 died, and ladysolly' brother's mother-in-law, aged 97. So I've been to two funerals, and two shivas.

Shiva is a period of a few days after the funeral, where you visit the bereaved. It's a bit like a wake, only with smoked salmon and brioche instead of whiskey and beer. And it's a good opportunity for the family to get together and chat. And cake.

So here's what I learned.

One of my nieces, who is frumm, conforms to the idea that a married woman should always have her hair covered. You thought that was only muslims? But in yiddishkeit, it's slightly different. She covers her hair with a sheitel, a wig. And her wig is exactly the same as her hair, and this is obvious because she has an identical twin sister. So what, exactly, is achieved by her covering her hair with a wig that's exactly the same as her hair? Don't ask me. Although she looked very good, so maybe that's why.

Ladysolly always wears a hat at funerals and suchlike; it's a bit round black hat and it looks very good on her. I wear a hat too, of course, it being compulsory for men to wear something on your head even if it's just a yamulke, and I'm not going to wear my pastafarian headgear at a funeral. So I wear a homburg which is much more dignified than a pasta straining bowl - so much so that I've sometimes been mistaken for one of the rabbis. Although I've never been able to discover the biblical commandment that requires this.

And I heard another story. A relative needed to make kosher her dinner plates and other eating-ware. I didn't hear the start of the tale about why this was necessary, but it was to do with one of her children being frumm. So she contacted the rabbi, and the rabbi said that he could do this for her. He boiled up a big shissel and, wearing heavy gloves, dipped each item into the boiling water for a while. This cost my relative £275, and the hours spent boiling the shissel ruined her cooker. So we discussed that a bit, and another relative related how her mother would bury any offending utensil (for example, if a meat fork had accidentally been used for milk) in the garden. It had to stay buried for a period of time (I don't know how long) and she'd mark it with a plant marker so she'd know when it was OK to dig it up. Although research using Google seems to indicate that the burying idea is completely wrong, although more than one person mentions it.

Anyway, I had schmaltz herring, and smoked salmon, and brioche, and lemon cake, and chocolate cake, lots of coffee and I saw all my cousins and innumerable nephews and nieces, not to mention assorted tiddlers who are too small for me to know their names.


Last night, the clocks went back.

I find this whole exercise of moving the clocks to and fro quite silly. But since everyone else is doing it, I have to.

Many of my clocks did it themselves - every computer, these days, knows about BST and adjusts itself without even telling you. And I have a radio-controlled clock which always sets itself correctly.  It wasn't always like that.

Back in 1984, 32 years ago, I had an IBM PC. And each time you started it up, it didn't know the date, let alone the time. It was January 1, 1980, and you had to tell it otherwise if you wanted your files datestamped correctly.

I had a little utility that I put in my autoexec, so that it ran each time I started up the computer. It read it's own file date and time, and assumed that the date and time was that, and I'd hit the up arrow to tell it that it was tomorrow.

Then the IBM AT had CMOS and a battery, so that once it knew the date and time, it knew it even after a reboot. But the PC clock wasn't an accurate clock, so it wandered off, gradually getting more and more distant from reality. People would say "I spent £1000 on this computer and it can't even keep good time!" Well, it can't make toast either. It's a computer, it's neither a clock nor a toaster.

When I started running Unix, I found out about ntp and time servers. If you do "rdate -s" then your system would reach out across the internet, and get the time from a public time server. I told one of my servers to do that once per day, and I told all my other servers to get the time from that server.

When I first got a Raspberry Pi, I found a familiar situation - it forgot the time each time it was powered up. You can get add-ons to fix that, but I just use my existing time server to get the date and time each time a Pi starts up.

So that's sorted for another six months.

Thursday 27 October 2016


There is a school of thought that says that in writing, you shouldn't repeat words. As a result, when you read something authored by someone brought up to believe that, they make liberal use of synonyms.

So, for example, if you read an article about Trump (and that's a good source of amusement), you'll find that the Republican party is often referred to as  the GOP.

There's three problems with this. The first is that when I read an article sprinkled with synonyms, I have to pause at each one to translate it. The second is that maybe some people don't know that the term you're using is a synonym, and think that it means something different. But the third is the worst - it's when the writer thinks they're using a synonym, but actually the word has a subtly different meaning, and the reader comes away from the piece with a complete misapprehension of what the writer was trying to say.

Please avoid using unnecessary synonyms. And words that mean the same thing.

Monday 24 October 2016

Back to the Essex Way

I did the whole of the Essex Way a few years ago, and it was good. This is a revival of part of that series, so I decided to do it.

There were 15 caches along the route, and then I did a dozen more in Epping. I had lunch back in the car, and then went back home.

Sunday 23 October 2016

Another big bang

30 years ago, I worked in the City, pretending to be a stockbroker. I say "pretending" because I was never able to work out what I was supposed to be doing. As far as I could tell, my task was to make up stories that would persuade people to either buy or sell shares, and surely it couldn't be a crass as that? For a long time, I thought there had to be something rational underpinning it all, but eventually I decided that I couldn't see anything. And not long after that, I stopped being a stockbroker.

But while I was there wearing pinstripes, leather shoes, no braces and trying not to laugh, the Big Bang happened, 30 years ago, 27 October 1986. The floor of the stock exchange became deserted, all trading was electronic. And then we had the Michael Fish hurricane on the night of 15-16 October 1987, which was followed by Black Monday, October 19, 1987, the day that A) stock prices plummeted by several percent and B) trading volumes plummeted to a tenth of previous levels.

What followed was a series of amalgamations between brokers, jobbers, banks and other assorted spivs and barrowboys. The City adjusted to the new rules and carried on as before, except they didn't need so many people (including me).

It's all electronic now.

Think about that for a moment, because if everything is electronic, it really doesn't matter where people are located. Except that where they are located, affects what rules and regulations they have to comply with.

With the EU, there's a single market. So if you can trade in one country, you can trade on an equal basis with the other 27. If you're authorised to be a bank in the UK, then you can equally be a bank in 27 other countries.

And then Brexit.

Suddenly, if you're authorised to be a bank in the UK, you aren't authorised to be a bank in 27 other countries.

So, imagine you're on the management board of a large bank that trades internationally. If you're based in the UK, you aren't authorised to do financial stuff in the EU. The obvious solution is to relocate. And you're not going to wait until the day before Brexit Day.

We don't know yet what Brexit means. Yes, Brexit means Brexit, ho ho ho. What a useless definition. There's an important question - will the UK still have access to the single market? Because the cost of that, will be the abandonment of control over immigration from the EU to the UK. And some people are saying that the referendum vote to leave the EU, was a vote to stop uncontrolled immigration from the EU (although that certainly wasn't on the voting slip that I put my X on, so I don't know how people can say this).

If Brexit means control over EU immigration (and, by the way, Theresa May wasn't able to control non-EU immigration when she was Home Secretary, so what hope of doing so in future?) then it means leaving the single market, because the EU isn't going to let us eat the beans and leave the brussels.

And if we leave the single market, then the City will up sticks and move. Probably to Germany, maybe to Brussels. Or possibly to Ireland, where they have an educated english-speaking population very near to London.

Now you might think "Good riddance, it's the banksters who caused the financial crisis", although actually it was the politicians who caused it by insufficient regulation of the finance industry, because you can't expect banksters to refrain from chasing profits. But actually, we'll be just as dependent on the banks in future as we are now, because banking is a necessary service in any economy.

The difference will be that the taxation revenue that the country gets from the financial service industry, will also relocate.

And the City London contributes £67 billion per year in taxes to the government's handbag. Which makes even the famously non-existent $350 million/week on the side of the Brexit bus look puny.

Saturday 22 October 2016

Internet preservation

The internet has become important. If a situation arises whereby I cannot do my VAT return, civilisation will fall. And I'm not being sarcastic here; if I, and everyone else, cannot pay our taxes, cannot access our banking, cannot use our credit cards, then the problem is immense.

The recent attack on DYN, was an attack on the DNS infrastructure of the internet. My experience was that my inability to access the HMRC VAT-paying site, was a DNS problem. I know this, because I tried to use nslookup on the domain I was trying to get to, and DNS didn't work.

The attack was caused by a DDoS. A zillion compromised computers were all accessing the DYN site, which was thereby unable to cope with the load. Clearly, this issue needs to be dealt with, because if I can't pay my VAT, the government can't function.

It's rare that I would say that government has to take action - I much prefer governments to be inactive, or incompetent, or both. I've been lucky with that so far. But in some matters, government action is actually needed.

For example, food safety. Before regulation, you could add anything you like. You could add water to milk, which at least doesn't make it less safe. You can add brick powder to chilli powder. And you could add all sorts of poisonous things to food.

The market can't fix this; it has to be legislation. So we have food safety legislation all over the world now; the things you eat are safe, and if they aren't, someone can go to prison.

The electricity that magically emerges from your wall; it has to be 240 volts and 50 hertz. If one day it came out as 1000 volts, that would blow all your fuses and ruin many appliances. So it's regulated.

But I'm not advocating that the internet be regulated, because that's probably not possible. It is, however, possible to regulate the sale of appliances.

Electricity can kill. I've had a couple of 240 volt electric shocks, and that was only in one hand, and it hurt. A lot. So the safety of electrical appliances is regulated. For example, anything being used outside the house, has to be protected by an earth leakage circuit breaker. That's to stop people from killing themselves with electric lawnmowers.

Likewise cars; there's a legal safety requirement, and an annual test for safety. And gas appliances, and so on and so on.

We need the sale of internet-connectable appliances to be regulated to meet a minimum safety standard. For example, there should not be hardcoded passwords that leave an entire brand of products vulnerable. Right now, internet-connectable appliances (such as "smart light bulbs", cameras or toasters) aren't required to have any internet safety. The thinking is, why would anyone hack my toaster? The problem is that if you hack ten million toasters, then you have a bot army that can DDoS the internet into a smoking hulk.

Unfortunately, we have in charge of our governments, people who haven't a Scoobie. So this probably won't happen until the problem gets so bad that we're devolved back to pigeon post.

Friday 21 October 2016

Four Pies

In my office, I have four Raspberry Pies. On runs the Geocaching Robot Arm, one monitors my front garden and road outside, one drives a seven inch screen (which wants a 12 volt power supply, isn't that handy?) showing me a continuous update of the usage of my 100 mbps line, and the fourth one drives a 17 inch screen that shows the details of line usage.

I've just reorganised the way they're powered. Before, it was a mish-mash of different power supplies, reflecting the fact that these systems have evolved over the last few years. Now I've rationalised things.

I have a computer - a rather small box, which I used to run several terminals on the same screen. A few years ago, the power supply in that failed, and because it's such a small box, it can't take a standard PSU (ATX power supply). So I put a standard ATX power supply on top of it, and led the wires inside. This is what is technically known as a kludge. What I realised just yesterday, was that the same ATX power supply could be used more widely.

I have another computer that I use as my main workstation. Several months ago, the power brick failed for the monitor (a lovely big 27 inch screen, 2560 by 1440 pixels). I looked on Ebay for a replacement power brick, couldn't find one, then realised that all it wanted was 12 volts. The answer is obvious. So I take 12 volts from the ATX supply, and it powers the monitor just fine, meaning I won't need to shell out a couple of hundred pounds for a replacement monitor.

The big change was the Pies. I'm using PoE, Power over Ethernet. In an ethernet cable, only two of the four pairs are used for data. The other two pairs just aren't used for 100 mbit ethernet, only for gigabit, which I'm not using in my office.

So I bought a bunch of PoE splitters, £1.24 per pair on Ebay. I'm using four of them, they're connected to the 12 volt line on the power supply, and to an ethernet switch.

At the other end of the ethernet cable, I put the other half of the splitter, so now the same cable is carrying the ethernet data, and the power. But hey, you're thinking, that's 12 volts, and the Pies want 5 volts. If I sent five volts down the ethernet cable, by the time it got to the Pies, the voltage would have dropped, and since the lengths of cable are different, the voltage drop would be different. So I put 12 volts down the line, and at the end where each Raspberry is, I put a voltage converter  with included voltmeter, to step the 12 volts down to 5.25.

The Pi wants less than 2 watts (under half an amp at 5 volts). So the 12 volt line will be transmitting under 0.2 amps, and the PoE spec says it can handle 1 amp. Still, I put a 5 amp fuse at the end where the PSU is, and that's carrying four Pies and the screen, which I reckon would be about 2 amps total - I had a car fuse that blows at 5 amps, left over from a bike project.

So now all my cabling is nice and neat, and I've dispensed with three power supplies that have gone back into my box of bits.

I can't do my VAT

It's that time of year again. Four times per year, I have to fill in the VAT form that tell HMRC how much money they're going to take from me to waste on things other than beer. So I went to the HMRC web site and  clicked on "start now".

After a long pause, it redirected me to and I was told "Site unavailable".

So I tried to ping it. Nothing. So I checked that the DNS was resolving, with "nslookup". Nothing. Clearly, something catastrophic has happened (I'm trying not to rejoice prematurely); maybe some benevolent deity has hurled lightning at the HMRC computer, which I imagine as being a Sinclair Spectrum, sitting in a dark cupboard. I can dream, can't I?

I abandoned the attempt to do my VAT, and went back to it a while later. Either they've fixed whatever had gone wrong, or else they rebooted the Spectrum. I logged on, they sent the 6 digit code to my phone, and I filled in the VAT form. They owe me, because I pay EU non-UK VAT via the VAT Moss system, and I shudder to think what's going to happen after Brexit, because whether the Brexit is hard, soft or medium, you can bet your bippy that it will be different and I'll have to change my software and procedures to accomodate it.

My VAT is done for another three months.

... later ...

I think the problem was a massive DDoS attack against a DNS provider..

Wednesday 19 October 2016

300% utilisation

I knew that I had a problem when my bandwidth monitor started to tell me that about three times as much data was flowing along my line as was possible. Obviously, the monitor had to be wrong.

I very quickly tracked the problem down - the system drive on the main server was failing. Lots of read and write errors. And that's very annoying, it was a new install; I opened the plastic wrapper on the drive a couple of weeks ago.

And then things got worse.

I tried checking the cables, I tried rebooting, nothing helped. Clearly I had to replace the drive.

First, I switched the load onto a backup server. That's very easy; I just change a couple of lines on my firewall, and all accesses are directed to the backup server.

Then I tried to replace the drive.

My first idea was to use a 2.5 inch Sata SSD, because the server (a Dell Poweredge R805) has a couple of slots at the front for 2.5 inch Sata drives. But the server wouldn't acknowledge that it was there, and when I opened up the server, it was obvious why. The slots for the drives were there, but there was nothing connecting them to the mainboard. I'd need an interface card, and it would have to be a Dell branded card, and the cost would be astrological.

So my next thought was, replace the drive with another new drive. I then spent an hour on that. There's only one Sata connector on the mainboard, so I used that for the DVD drive I use for installing Linux. The drive to install on, would be connected to an interface card that lets me put Sata drives on a PCI-E interface. But that didn't work, because the Linux installer refused to recognise the drives.

And then things got really tricky, because I had to leave to go to a family event. My aunt Kit died a few days ago, at the age of 99, and she was one of my favourite aunts, so we went to the funeral and then back to her daughter (my cousin) for a major nosh-up. So for the next six hours, my backup server carried the load (and hardly anyone noticed).

When I got back, I had a plan. First, I connected the DVD drive to a USB port. Then I removed the PCI-E cards, so all I had was that DVD drive, and the drive I wanted to install Linux on, connected to the motherboard Sata port.

That worked! And several minutes later, I had Fedora Linux version 24, 64-bit on the hard drive. So I replaced the PCI-E cards, connected up the other drives, rebooted and everything was fine. And I have a list of things to do to configure the server the way I want it, and a copy of all the files that I needed to do the configuration.

So about an hour later (plus a couple of hours messing about fruitlessly before the family event, plus six hours at the family event) the server is up and running nicely.

Monday 17 October 2016


Trump has started to claim that the election is being rigged.

And a poll has revealed that 41% of voters think that the election could be stolen from Trump (73% of Republicans believe that, and 17% of Democrats).

So what's going to happen when Hillary wins? Will Trump gracefully acknowledge defeat, and wish her well for the future? My feeling, based on how he's behaved over the last year, is that he won't. He'll scream that the election was rigged. Because the alternative - that he's a loser - isn't acceptable to him.

So what will the 35% of the electorate that voted Trump do. Will they accept defeat gracefully? I hope they do. But there's other things to consider, which are difficult for we British to comprehend.

The first is the existence of 300 million guns in private hands. One nutcase with a gun can do quite a lot of damage; a million people with guns can do a hell of a lot of damage. And there's a lot of Americans who believe that one important reason they are armed, is so that they can stop government doing bad things.

The second is the American attitude towards revolution. They glorify the events of 1776; they call it "The Revolution". The last time we British had a revolution was 1688, and most people won't even have heard of it, it was so politely done. 

The third is that there's a fair number of Americans who want to revisit their civil war, only this time they want it to end differently.

So would Trump incite violence? He has form. He promised to pay the legal fees of supporters who attack protesters at rallies. "There may be somebody with tomatoes in the audience. So if you see somebody getting ready to throw a tomato, knock the crap out of them, would you? Seriously. Okay? Just knock the hell—  I promise you, I will pay for the legal fees. I promise, I promise. It won’t be so much ’cause the courts agree with us too."

And then in another speech: “If she gets to pick her judges, nothing you can do, folks,” Mr. Trump said, as the crowd began to boo. He quickly added: “Although the Second Amendment people — maybe there is, I don’t know.” For we British who might not be able to decode this, Second Amendment is the right to bear arms. Meaning guns.

Trump is probably not stupid enough to call for a revolution explicitly. But he could say things that some people will interpret as a call to arms; something that he can deny meant that.

This could get messy.


Democracy is the way we settle important questions. It's not a good system, but as WSC said, all the others are worse.

But that isn't always true. Some questions shouldn't be decided by a democratic vote.

This was made obvious to me by a debate on usenet (35 years ago, that was like a big internet forum) in the newsgroup alt.comp.virus (which was the forum about computer viruses). We had various debates there; the one I have in mind was about the technical characteristics of a particular virus.

I was posting having disassembled and analysed the virus, so I knew what it did, although there was, of course, the possibility that I'd made a mistake. But some 30 or 40 people joined in on this debate, and then one guy summarised the arguments by counting how many people said "X" and how many said "Not X". And he concluded that since there was a majority saying "X", that X must be true.

I'm sure you can see the fallacy there. You cannot decide the truth of Pythagoras's Theorem by taking a vote.

I wonder how many people support "Science must fall"?

Saturday 8 October 2016

Good morning!

Or, as the French would say, "Bonjour".

My firewall was reporting a whole bunch of UDP accesses from to, and it was, of course, blocking them. But I wondered what this was all about, and decided to investigate. is a non-routable (private) IP address, because it starts with 10. The "149.14" means that it's an address got via DHCP from my main DHCP server. In other words, it's a device based on my DMZ that picks up its IP address from another of my servers.

The is a mystery. My "innermost" network starts with 192.168, which is also a private, non-routable address, but I don't have a device at that address. Furthermore, why would a device on my DMZ go looking for a device at that address?

So I googled.

Googling doesn't always produce the answer straight away. The first stop was, which is a technical forum ... with a difference. I read halfway down the article that Google found, then burst into giggles. "lds" = "Latter Day Saints" = Mormons.

"No other software should be purchased or installed on Church computers unless it is approved by the stake president, is appropriately licensed, and does not interfere with the operation of or compromise the security of the Church software and data already on the computer." which is fair enough. :

And then " Other then it needs to be password protected and not uploaded to 3rd party servers, no. However, I would involve the Bishop in who is getting the information and what the information contains."

Can you imagine what it must be like for those tech support staff, having to get a Bishop involved when they have a support issue? What does the Bishop do, pray for guidance?  Yes, I can see that even a church needs appropriate computer security; I'd guess that many churches use computers to do their accounts and suchlike. But involving the Bishop?

So after getting past this distraction, I found some useful information. I think it has to do with Apple's Bonjour, which is how Apple devices find other things on the network, and the device doing the looking was indeed ladysolly's iPhone.

Rather mundane and uninteresting, but I would never have found the LDS tech web site without it, and discovered the role of LDS Bishops in their tech support.

Friday 7 October 2016

Lorem ipsum dolor sit amet

I don't get much spam in Latin, so I actually read this one. 

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum

Sadly, it's nonsense. It's pseudo-latin, like Caesar adsum jam forte.

Oh, you didn't know that one? It's one of the best things I learned in my Latin class.

Caesar adsum jam forte
Brutus aderat
Caesar sic in omnibus
Brutus sic in at

Anyway, "Lorem Ipsum" is called "Greek text", because it isn't Greek. It's used by printers and web-makers to indicate that some text should go here, but it hasn't been authored yet.

Tuesday 4 October 2016

Riding the Ridgeway

I went out today for a long bike ride; mostly along the Ridgeway where it crosses the M4. I found 42 caches, but I had a lot of trouble with my rear inner tube. It kept creeping round, and in my experience, that leads to a valve blowout when it gets bad enough. And sure enough, that's exactly what happened. It's a failure that can't be fixed with a puncture repair kit. Fortunately, I carry a spare inner tube, and that kept me going.

I really have to solve this problem of inner tube creep. I tried talcum powder, but although I have a very nice smelling inner tube, it hasn't fixed the problem. But I have another idea, which I'll try tomorrow,

Monday 3 October 2016

ASA 5510

My ASA 5510 firewall arrived, and it's lovely! It's faster than the Pix 515E; it has more memory, a faster processor, and gigabit interfaces. I swapped it for the 515E today, and it went in very easily. I just copied the configuration from the 515E almost word for word, and it's now humming away happily.

But to me, it's just a more advanced Pix.

Sunday 2 October 2016

Packets from Erewhon

When I look at my firewall logs, I see a whole bunch of attempted accesses that I can't explain. They look like this:

Deny udp src dmz: dst inside: by access-group "inside_access_out"

Deny tcp src dmz: dst inside: by access-group "inside_access_out"

Deny tcp src dmz: dst inside: by access-group "inside_access_out"

I'll explain - udp and tcp are the main two kinds of packet that float around the internet.
"dmz" is a region of my network that I allow limited access to from outside; "inside" is a region of my network that doesn't allow any access from outside. All my "dmz" addresses start with 10, all my "inside" addresses start with 192.168.

IP addresses starting with 10 or with 192.168 are non-routable. Packets with that address or destination shouldn't be able to even reach my firewall.

And yet the Pix firewall is reporting that packets originating in my dmz (from IP addresses that don't have computers) are trying to get to IP addresses in the "inside" region, to IP addresses that don't have computers.

So packets originating from Erewhon, are trying to get to Nowhere, and are being blocked. I'm not worried by this, but I wish I knew how this was happening.

Great Repeal Bill

Theresa May says she'll trigger Article 50 by March 2017. That means we leave the EU two years after that. At last we'll be free of all those pettifogging regulations about food safety and employment conditions ... but no.

The Great Repeal Bill will convert existing EU regulations into UK law. We still won't be allowed to sell cheese with listeria or send children up chimneys.

We still don't know what The Powers That Be plan to do about immigration from outside the EU. Or from the EU. Or whether we'll still be part of the single market.

I keep hearing that the referendum result means that we voted to control immigration.

No, it doesn't mean that. It means we voted to leave the EU. Anything more than that is just an invention by the axe-grinder.

Saturday 1 October 2016

Seven inches

I bought a couple of seven inch screens, and they arrived yesterday. I'm using them to monitor my 100 mbit line traffic.

These cost about £18, and are intended for in-car use, for example, for reversing cameras. So they run off 12 volts, and use a composite video input.

PC power supplies give a 12 volt line, so that feeds the screen. The 12 volts also feeds one of those little £1 voltage step-down devices, which lowers it to 5.3 volts, and that goes to a Raspberry Pi. The version 1 Pi has a composite video output, isn't that handy? Later versions don't have that.

I do the display by using "montage" to create the graphic as a bmp file, then ffmpeg to convert it to an 800 by 480 framebuffer file. Then it's just a matter of copying that file to /dev/fb0. And it looks great. I have one in my office, and one in the data center.

I found a nice bargain on Ebay, and I got four 17 inch LCD monitors for £63. I'm not exactly sure what I'll be using them for, but I do use a lot of screens.

Another bargain I got recently is an Cisco ASA 5510 firewall. ASA is what Cisco did after the Pix. The command language is pretty much the same, but the 5510 has a much higher capacity than my current Pix 515E, which I'll use as an in-place backup, because if my firewall goes down, everything goes dark.

Wednesday 28 September 2016

Excursion to Ealing

I was out geocaching today. I drove into London, parked, then biked around Ealing. I visited the Elstree Studio, where so many of the movies I like were made.

Not many caches done today; some were too difficult for me to find, and then I had a blowout on my back tire. Not a puncture - the valve got sheered off.

Lunch was a couple of hot sausages from a Polish lady in a tiny kiosk.

Double trojan

Subject: There has been a change to your parcel delivery

I get a lot of email about parcels. I'd guess that a lot of people in the internet receive a lot of parcels, so an email about "your parcel" stands a good change of not being ignored. The interesting thing about this one, is that it came with two files.

The explanation in the email was "The new privacy policy. All personal information is encrypted in attached document.".

Neat idea. Except that the file contained a javascript program, obfuscated, and I can't be bothered to reverse engineer it, oops, I mean stare at it until I understand it, but it references "" which I'm guessing gets downloaded and does something unpleasant.

I sent to Virustotal, and no product flagged it. I also tried tracking_encrypted0928.doc, which was first submitted about an hour before I received it, and 4/55 products flag it as malware.

Monday 26 September 2016

Pix log analysis

I've been logging all the Pix messages to the system log on a server, and I told that server to keep the Pix messages in a separate file. Today, I had a look at that file.

There were a third of a million messages, and that's just two day's worth. So I wrote a program.

# Analyse pixlog

open PIXLOG, "/var/log/pixlog";
while (<PIXLOG>) {
  if (/exceeds configured limit/) {$bigdns ++; next}
  if (/outside:outside-interface\/23/){$outsidetelnet ++; next}
  if (/outside:outside-interface\/2323/){$outsidetelnet ++; next}
  if (/outside:outside-interface\//){$outsideother ++; next}
  if (/\/23 by access-group \"outside_access_in\"/){$telnet ++; next}
  if (/\/2323 by access-group \"outside_access_in\"/){$telnet ++; next}
  if (/Deny tcp .*outside.*outside.*\/(\d*)/ and $1 > 1023) {$denyootcpgt1024 ++; next}
  if (/Deny udp .*outside.*outside.*\/(\d*)/ and $1 > 1023) {$denyooudpgt1024 ++; next}
  if (/Deny tcp .*outside.*dmz.*\/(\d*)/ and $1 > 1023) {$denyodtcpgt1024 ++; next}
  if (/Deny udp .*outside.*dmz.*\/(\d*)/ and $1 > 1023) {$denyodudpgt1024 ++; next}
  if (/Deny tcp .*outside.*inside.*\/(\d*)/ and $1 > 1023) {$denyoitcpgt1024 ++; next}
  if (/Deny udp .*outside.*inside.*\/(\d*)/ and $1 > 1023) {$denyoidpgt1024 ++; next}
  if (/Deny.*outside.*outside:212.58.55.(\d*)/ and $1 > 224) {$nosuchserver ++; next}

  if (/Deny.*outside.*(outside|dmz|inside).*\/445/) {$samba ++; next}
  if (/Deny.*outside.*(outside|dmz|inside).*\/111/) {$rpc ++; next}
  if (/Deny.*outside.*(outside|dmz|inside).*\/13[789]/) {$samba ++; next}
  if (/Deny.*outside.*(outside|dmz|inside).*\/587/) {$port587 ++; next}
  if (/Deny.*outside.*(outside|dmz|inside).*\/22/) {$ssh ++; next}
  if (/Deny.*outside.*(outside|dmz|inside).*\/(343|433|995|500|444|161|1000|8[123456789]|123|17|19|523|520|456|623|417|135|389|990)/) {$ports ++; next}
  if (/Deny.*outside.*(outside|dmz|inside).*\/(21|69)/) {$ftp ++; next}
  if (/Deny.*outside.*(outside|dmz|inside).*\/(53)/) {$dns ++; next}
  if (/Deny.*outside.*(outside|dmz|inside).*\/(25)/) {$email ++; next}
  if (/Deny.*outside.*(outside|dmz|inside).*\/(143|110)/) {$imap ++; next}
  if (/Deny.*outside.*(outside|dmz|inside).*\/(80|443)/) {$http ++; next}
  if (/Invalid destination for ICMP error message/){$invalidicmpdest ++; next}
  if (/dst outside:global-out/) {$globalout ++; next}

  if (/regular translation creation failed for icmp src dmz:nsint1-2/) {$regnsint1 ++; next}
  if (/regular translation creation failed for icmp src dmz/) {$regdmz ++; next}
  if (/Deny IP due to Land Attack from up-works-out to up-works-out/) {$land ++; next}
  if (/Denied ICMP type=0, from laddr/)  {$icmp0 ++; next}
  if (/Denied ICMP type=3, code=3/)  {$icmp3 ++; next}
  if (/No translation group found for udp src dmz:sadii.*53/) {$notrans ++; next}
  if (/Deny icmp src dmz:\d/) {$icmpfromd ++; next}
  if (/Deny tcp src dmz:\d/) {$tcpfromd ++; next}
  if (/Deny ucp src dmz:\d/) {$ucpfromd ++; next}
  if (/ {$accessto192 ++; next}
  if (/reason: MSS exceeded/) {$mssexceeded ++; next}
  $other ++;
  print $_;
close PIXLOG;

print "bigdns = $bigdns  telnet = $telnet outsidetelnet = $outsidetelnet  outsideother = $outsideother \n";
print "deny-oo-udpgt1024 = $denyooudpgt1024  deny-oo-tcpgt1024 = $denyootcpgt1024\n";
print "deny-od-udpgt1024 = $denyodudpgt1024  deny-od-tcpgt1024 = $denyodtcpgt1024\n";
print "deny-oi-udpgt1024 = $denyoiudpgt1024  deny-oi-tcpgt1024 = $denyoitcpgt1024\n";
print "nosuchserver = $nosuchserver samba = $samba port587 = $port587 ssh = $ssh ports = $ports ftp = $ftp http = $http dns = $dns rpc = $rpc\n";
print "invalidicmpdest = $invalidicmpdest global-out = $globalout icmp0 = $icmp0  icmp3 = $icmp3 email = $email imap = $imap \n";
print "voldsout = $voldsout regular translation nsint1 = $regnsint1  regular translation dmz = $regdmz land = $land\n";
print "notrans = $notrans icmp, tcp, udp from d = $icmpfromd, $tcpfromd, $ucpfromd accessto192 = $accessto192  mssexceeded = $mssexceeded \n";
print "other = $other\n";

That program eliminated the commonest logs. For example, more than half of the logs are telling me about an attempt to telnet to one of my servers. Which is not going to happen, but they wouldn't be doing it unless it works sometimes, so there most be a lot of unsecured things on the internet that you can telnet to. I'd guess that a lot of them are light bulbs or other stupid things that the vendor likes to claim "you can control it with your smartphone" and hasn't bothered with any silly security stuff. I mean, if your light bulb gets hacked, so what? Well, "so what" is that it can be used as part of a bot net, sending out spam of doing DDOS (distributed denial of service) attacks.


It got the 1/3 million logs down to under 1000, and I could actually check those, and in doing so, I did find some minor misconfigurations of my network.

- some of my servers were using the wrong place to get their daily time check
- some of my servers were being advertised as mail servers, but the firewall wasn't allowing inbound email - that's because it will *all* be spam, I'll explain why later
- one of the rules in my firewall was in the wrong place, after the "deny everything else" rule, and, obviously, there's no point in having a rule after that. So I moved the rule to where it should have been.

So, minor stuff (if there had been anything major, I'd have noticed it before). But it's nice to have everything hunky-dory.

Now, about that spam.

If you do "dig mx" then you'll see in the answer section:        3600    IN    MX    5        3600    IN    MX    2

Or you might see:        3600    IN    MX    2        3600    IN    MX    5

What a mail sender is supposed to do, is choose the lowest-numbered server (in this case, and send the mail to there. If that server isn't responding, then you go to the second highest, in this case And you can have any number of these. Google has five.

But spammers don't care about the ranking, they just send the spam to the first on the list. So, if you have a list of ten mail servers, everything that goes to the ones that aren't the lowest numbered one, is spam!

Isn't that handy?

So for most of my email, I run a dozen mail servers. Anything that isn't sent to the first two, is 100% spam. It's a nice way to sort it out. And, of course, most of those servers can be fictitious.