Pages

Thursday 23 February 2017

Click hygene

When you get a link in your email, and you've decided that the email is genuine, should you click on the link they give you?

Probably not. Especially when the link is going to a URL that isn't the company URL.

So when I got my monthly email from TalkTalk telling me about my latest bill, I saw a link to "Visit MyAccount". But the link didn't go to talktalkbusiness.co.uk, it went to s2431.t.en25.com

A whois on that domain, returned "Oracle Corporation", not TalkTalk.

This is about as suspicious as it gets. But the info in the email also gave my correct account number, name and billing amount. So how could it be fake?

Well ... remember that TalkTalk has been hacked a few times now, and my information was probably included in the hack. So it's entirely possible that the email is a scam.

An alternative explanation is that TalkTalk is happy to send out emails that look precisely like a scam email.


Wednesday 22 February 2017

Outage

About two weeks ago, at five minutes after midnight, I lost contract with the internet. So I checked my firewall, and I could access that. So I tried my DSL line (broadband) which I have as a backup, but that was also down.

Oh dear, I thought, if *both* of these aren't working, it's some obscure internal problem.

I spent the next hour or so checking connectivities from A to B, B to C and back again, checking whether green light were still gree, and eventually I came to the conclusion that I can't find an internal fault. So I called TalkTalk, who provide my lines.

They were immediately able to tell me that this was planned maintenance on an important router. An anticipated outage. I explained that I hadn't received any warning of this; they said they couldn't help with that.

So I went to bed, because clearly there was nothing more I could do. The next morning, the line was working again. I don't know how long it was down.

The next day, it happened again, also at five minutes after midnight. This time I spoke to TalkTalk immediately. Yes, another planned outage. Sigh.

I have a Service Level Agreement (SLA), which says that if I have an outage that is more than a certain amount, I get a credit. So I called TalkTalk Technical Support to see if I could set that wheel in motion. They said that I had to talk to Customer Service. I spoke to Customer Service. They said that they had no way of knowing how long the outage was, I had to talk to Technical Support. You can probably see how this is developing ...

So I asked to talk to my Account Manager. Apparently, I don't have an account manager. So I went back and forth between Customer Service and Technical Support a few more times.

Eventually, I spoke to someone at Technical Support who said that they don't have any logs, so they can't tell how long the outage was. And he asked me to send him the logs from my router.

I don't have a router. There's a BT Box that transforms the incoming fibre to ethernet, and my network plugs straight into that. Of course, there's a firewall between the BT Box and the rest of my network. The guy at TalkTalk said that I must have a router. Actually, I needn't. If I were willing to take the risk, I could connect my internal network directly to the BT box, via an ethernet hub.

But my firewall has logs, and the guy at TalkTalk said that those logs would do. So I looked at the logs, or rather I looked at the log files. About 700 megabytes of logs. I offered him those, but so far, no-one at TalkTalk has been willing to accept them. And I don't want to email a 700 mb file!

Plus, I don't think it would help. The firewall would know if the connection to the BT Box were lost, but that connection wasn't lost. It was the connection much further down the line that was lost. So I don't think my firewall would show "interface down".

So I talked to TalkTalk Technical Support again, on 20 February (remember, all this started about two weeks ago). Graham expressed great surprise that I didn't have an account manager, and transferred the issue to Simon, his boss. Simon emailed me on the 20th saying "You can expect to hear from someone tomorrow to pick up and discuss in more detail."

Actually, I didn't expect anything of the sort. TalkTalk *never* calls you back. Almost never. I have only ever encountered two people at TalkTalk who ever call me back. I think there must be a firm rule at TalkTalk "Never call back." So I won't name the two that do call back, I don't want them to get into trouble.

And, of course, I wasn't called back.

So I tried again. This time, armed with the information that I ought to have an Account Manager, I spoke to Account Management. Chris verified that I didn't have an account manager, so I asked him if he would agree to be my account manager, and he said that if I wanted, I could call him that. So I did. And then I called Customer Service and gave Chris's name and phone number as my Account Manager.

This ploy didn't work. Chris denied that he was my account manager, and transferred the issue to his manager, Ryan. And I'm told that I'll get a call back within 24 hours from Ryan. I'm ever hopeful!

The problem, apparently, is that in order to process any claim under SLA, Customer Service has to get my Account Manager to request the outage length from Technical Support. Technical Support have already told me that they don't have that information.
It's beginning to look to me, that no-one has ever made an SLA claim for an ethernet outage, because there appears to be no mechanism for processing it.

... update ...

TalkTalk have offered me a one month credit for the outage, so it's all looking good now.
And they're making arrangements for me to have an Account Manager, and for me to be notified in advance of possible outages due to routing maintenance.


Tuesday 21 February 2017

I don't know

It really annoys ladysolly when I say this. And I've noticed that it's not an expression that's widely used.

But the thing is, often when I'm asked a question, I don't know the answer, so I can't see what else I could say.

I think a lot of people don't take this view. When asked a question, they'll give a guess to the answer, rather than admit ignorance.

Looking at the Church of England, I feel that this is a stance they ought to take on their position towards homosexuality. Clearly, a whole bunch of them think that gay marriage is wrong (and, I'd guess, gay bishops). And clearly a whole bunch of them, roughtly to the same number, think the opposite. All of them are trying to discern the will of their god, and it's clear to me that they've been unable to achieve clarity on this.

So why don't they just say "We don't know"?

Sunday 19 February 2017

Church of England and gay marriage - a guide for the perplexed

The Bishops Report said that "only a man and woman could marry in church."

The House of Bishops voted 43-1 in agreement.

The House of Laity voted 106-83 in agreement.

The House of Clergy disagreed, 100 votes to 93.

To get approved, all three Houses have to agree.

After the vote, one bishop said that he accidentally voted the wrong way. And there's statements that other people voted the wrong way. If they can't even vote the way they mean to, maybe they should pray harder.

So as things stand, the Synod, overall, plumped for "no change". So, no same-sex marriage in the Church of England.

So what's going on here? Why are they against same-sex marriage?

Religion.

A) The way people claim that religion works, is that God tells you what to do, and then that's what you want.

B) The way religion works, is you think about what you want, and then claim that God told you to do that.

So - Leviticus 20:13

"If a man has sexual relations with a man as one does with a woman, both of them have done what is detestable. They are to be put to death; their blood will be on their own heads."




So here's the thing.

1) How come the Synod accepts the first part of that, but not the second part? Why aren't they calling for the death penalty for homosexual acts?

2) Why do they ignore Leviticus 11:12; "Anything living in the water that does not have fins and scales is to be regarded as unclean by you."



Go figure.

Still, it's good news. Every time the Church brings itself into disrepute, it opens more eyes.

Thursday 16 February 2017

How to backup your daughter's blog

It occurred to me that I didn't have a backup of this blog. I expect the good folks at blogger.com do backups, but "expect" is not good enough for me. So I did one.

Then I wondered about the blog of daughter.2, www.silverspoon.co.uk. It's a good blog, all about ... well, go see for yourself. But does she do a backup? I didn't know.

So I did one for her. It's very easy.

wget -r www.silverspoon.co.uk

That downloaded everything from her blog to my computer. When I told her I'd done this, she was a bit concerned at first, and wanted to know if I'd hacked her blog. Well, no. The blog is *supposed* to be publicly readable, and what I did was read it! But I should have taken a picture of her face as she asked that.

That gave me a tree of files. So next, I converted that to a single file.

tar -cf silverspoon.tar  www.silverspoon.co.uk

That was pretty big, about 6 gigabytes. More than would fit onto one DVD. You might think that then I'd use some sort of compression, but most of the data is JPG files which are already compressed.

split -d -b 4480m silverspoon.tar

That gave me two files, and I burned them on to DVDs, which I gave to her next time we met.

Wednesday 15 February 2017

Taboo words

What constitutes a taboo word changes with locality and over time. 25 years ago, when I roamed around AOL, The Powers That Be would give you a ban (temporary or permanent) for using taboo words. But they wouldn't tell you what words you couldn't use.

So I tried using the word "smeg", which isn't in any dictionary, but which sounds vaguely obscene (and was used thus in Red Dwarf), and got into an argument with TPTB about whether it was obscene or not. My argument was that "it is a meaningless word, so how could it be obscene?" Their argument was, "We're TPTB". And no, they wouldn't give me a list of taboo words, I ought to know without being told, and my protestation that the list of taboo words in the UK wasn't the same as the list in the US, fell on TPTB ears.

So I rooted around until I found a list of the words that AOL considered vulgar (they didn't actually use the word obscene).

But times change.

And now we have Facebook.

I'm in a group that has rules, including "No disparaging comments against groups of people, i.e. no discrimination against genders, races, sexual/gender orientations, etc.". That sounds fair enough, except that most of the bans I'm seeing, are for ableist words. So what is an ableist word?

I don't know. Words that I've seen incuded are "crazy, stupid, insane, dumb (in the US sense, meaning stupid - I suppose if used in the "I can't speak" sense it wouldn't be ableist - or maybe it would?)". "Blind" is obviously ableist, except that I have a colleague who is 100% unable to see, and he doesn't seem to be offended by the word "blind". But what about "foolish"? Or "silly"? I've gotten away with using those, even though they seem to me to be little different from the banned words.

And if stupid is ableist, so is its opposite; intelligent, clever, brainy. Short and tall, fat and thin, brunette or blonde. Are any of those ableist? Your hair colour is one of those things you have no control over (unless you dye it).

And anyway, although these words are describing characteristics that people wouldn't want to have (or would want), are they disparaging? It's a minefield. "Black" used to be the word to use, then it was "coloured", now I'm told there isn't a word, you have to say "African-American" (but not everyone is American) or "person of colour", and how "person of colour" is less offensive that "coloured person", search me. Plus Americans seem to have a very different definition of who falls into that category than I would.

Go figure.

You guessed it. In this group, they're mostly Americans.

Monday 13 February 2017

Steep drop in spam

There has been a sudden and very drastic drop in the volume of spam I'm getting. Whereas before I could see around 1000 per day, now it's more like 50. I'm guessing that a major spammer has been removed from the game.

Let's hope it's permanent.

Saturday 11 February 2017

New shaver

My electric shaver has become blunt. And it's running roughly. Bottom line - I'm not finding it easy to shave with it. So ...

You might think that it would be cheapest and easiest to replace the shaving head, and maybe the foil. But that isn't the case; typically, you'll pay £25 to replace those. But a new shaver is a lot cheaper.

I've had a good experience with the Chaobo RSCW-9500, which I got from DealExtreme for about £9. Yes, three of these are cheaper than one replacement head and foil for a big name brand shaver! So I've changed over to my backup 9500, and I went back to DX to buy another. Sold out! Which means they don't stock it any more. So I googled around; Amazon.com used to sell them, but no longer. I persisted until I found Focalprice. They have the 9500 for $12, three for $11.34 each. So I bought three for $34.02, which is about what you'd pay for a single replacement head and foil for a big brand. And each one comes with a spare head!

Recommended.

Wednesday 8 February 2017

Melania Trump vs The Daily Mail

Mrs Trump is suing the Daily Mail for $150 million.

A lot of what the old-style media reports, is just stuff they've gleaned from the internet, and they don't bother checking whether it's true.

"Decide for yourself," they say, but there's no way you can. "We're just reporting the rumour" they say, as if that's an excuse.

Wouldn't it be great if the media checked whether things were true, rather than just repeat what they read on the internet?

So who should we be cheering for?

On the one hand, losing $150 million might make them more careful in future. Plus, it's the Daily Mail, which we don't get even when it's a free newspaper at the supermarket and it's the only paper left.


On the other hand, it's Mrs Trump.

Decide for yourself.

Tuesday 7 February 2017

Our courrier was not able to deliver your parcel

Date: Tue, 7 Feb 2017 03:06:06 +0800
From: USPS <shipping@usps-service.com>
To:  REDACTED
Subject: Shipping information for parcel 8217163
Parts/Attachments:

Our courrier was not able to deliver your parcel because nobody was present at your address.

Someone must always be present on the delivery day, to sign for receiving the parcel.

Shipping type: USPS Next Day
Box size: Large Box ( 2-5kg )
Date : Feb 6th 2017

You can reschedule the delivery over the phone, but you will have to confirm the information on the
delivery invoice.
Another delivery can be arranged, by calling the number on the delivery invoice we left at your address
and confirming the shipping information, including the address and tracking number.

A scanned copy of the delivery invoice can also be downloaded by visiting the USPS website:
https://tools.usps.com/web/pages/view.invoice?id=8217163&dest=REDACTED [fam-life.jp]

In the exceptional case that a new delivery is not rescheduled in 24 hours, the shipment will be
cancelled and the package will be returned to the sender.

 
Thanks for shipping with USPS

Copyright © 2017 USPS. All Rights Reserved.
Two clues that this is a scam. 1) "courrier" and 2) the web link doesn't go to
usps.com it goes to fam-life.jp

Apart from those two, it looks very plausible.

Monday 6 February 2017

Selfish email

Every email system I've ever used, wants to be the only email system I use. And I won't be having that.

I want to use various email systems, and I want to collect them all into one place, using the IMAP protocol. So I have AOL accounts, gmail accounts, yahoo accounts and the various email accounts I've set up on my own servers. I use IMAP to collect all those emails into one place, and to do this I use fetchmail. And once collected in one place, I can use my homebrew despammer, and my homebrew malware-avoider. Which, by the way, is actually better than anything you can get commercially - maybe I should have gone into business on this ...

Some of them really do try very hard to stop me doing this; facebook, for example, seem to make it almost impossible. There are rumours on the web that you can use their API to implement IMAP, but I'm not going to learn their API just so that I can collect my facebook email. I can't stop facebook from creating an email address for me, but I don't actually read anything that I get there.

I recently had a bit of a wrestle with gmail. Part of that was my own fault; I changed my gmail password and forgot to tell fetchmail the new password. But even after I'd done that, there was a problem.

Gmail thinks that IMAP access from fetchmail isn't as secure as it would like it to be. So to make it work, I had to tell gmail to accept connections from "potentially insecure apps". I've never heard fetchmail being called an app before. So I did that, and now it works.

So you can email me on all the email addresses I've ever had, going right back to AOL (but not the ibmpcug.co.uk one, that's dead now). But don't email me on my facebook email address, I won't see it.

# got me again

In pretty much every program I use, # at the start of a line means that the rest of the line is a comment. That's useful, not only for comments, but also for temporarily disabling a line.

Except bind.

In bind a ; at the start of a line signifies a comment, and it doesn't recognise a #

Oh, but it's more subtle than that. You can use # for a comment in the named.conf file. But not in the  zone files.

It gets me every time. I make a change in my DNS files, perhaps commenting out a line, and then the DNS doesn't work becuase I used # instead of ;

Please, O people who maintain bind, allow # to start a comment line.

Wednesday 1 February 2017

Paypal email - real or scam?

I got this email from ... well, I don't know.

Date: Tue, 31 Jan 2017 12:32:00 +0000
From: PayPal <paypal@mail.paypal.co.uk>
Reply-To: "noreply@mail.paypal.co.uk"
    <noreply-HP2v200000159f482a63c91f088f4bbcf76f8020@mail.paypal.co.uk>
To: drsolly@drsolly.com
Subject: Your Legal Agreements with PayPal
Parts/Attachments:
   1   OK     ~23 lines  Text
   2 Shown   ~626 lines  Text
----------------------------------------

[my real name is here] – We're making a few changes
View Online [epl.paypal-communication.com]
[rnd_crnr_top.jpg]
PayPal [epl.paypal-communication.com]
Our Legal Agreements are changing.
We’re making some changes to our Legal Agreements; the documents that govern our relationship
with you, so that we can continue to make PayPal even more secure, quick and easy to use. We’ve
put details of the changes on our Policy Update page [epl.paypal-communication.com] – you can
also find the page at www.paypal.co.uk [epl.paypal-communication.com], by clicking ‘Legal’ at
the bottom of the page and then selecting ‘Policy Updates’.
What do I have to do?
Take a look at our Policy Update page to check you’re happy with the changes. If you are, you
don’t need to do anything as these changes will automatically apply to you. If you don’t want to
accept the changes you can follow the steps we’ve set out on our Policy Update page.
See the Policy Updates [epl.paypal-communication.com]
[rnd_crnr_bottom.jpg]
Help [epl.paypal-communication.com]
Contact [epl.paypal-communication.com]
Security [epl.paypal-communication.com]
How do I know this is not a Spoof email?

Spoof or 'phishing' emails tend to have generic greetings such as "Dear PayPal member". Emails
from PayPal will always contain your full name.

Find out more here [epl.paypal-communication.com].
This email was sent to drsolly@drsolly.com.

Copyright © 1999–2017 PayPal. All rights reserved. PayPal (Europe) S.à r.l. et Cie, S.C.A.,
Société en Commandite par Actions. Registered office: 22-24 Boulevard Royal, L-2449, Luxembourg,
R.C.S. Luxembourg B 118 349.
[856e941823f441e100004c5a42963aa1]


So is it real? I don't know. They did give me true name, but my name isn't exactly a secret, known only to myself and god. The site I'm sent to, isn't at paypal.com, which I know is real, but instead it's paypal-communication.com. 

Is that owned by Paypal? I used whois, and that said that it is, but anyone can give false details when registering a domain name. So that doesn't really help much.

Just because a scammer knows the name that goes with my email address, doesn't prove that the scammer isn't a scammer.

So what happened when I clicked on the link?

Well, obviously I didn't click on the link, because I don't know what it leads to.

Paypal are idiots.

They should have put the link I'm supposed to click on, on the paypal.com domain name. Or else possibly Paypal aren't idiots, and the email came from a scammer.

So I googled "paypal-communication.com", and looked at what people were saying, and it looks to me as if opinion is divided on whether it's real or fake.

Sigh.

So I logged in to Paypal.com. I would expect that, if this really did come from Paypal, they would also have sent me a "notification" that I need to review their changes. There was no notification.

So I conclude that ... if it's real, they should have sent me a notification, and the email should have been from their paypal.com domain. Therefore it isn't real. Therefore it's a scam.

Let me know if I'm wrong.