Tuesday, 9 October 2018

An accident

I cycled down to Amersham Hospital to have my routine blood test. On the way back, there's a few roundabouts. At one of them, I checked on my right, nothing coming, so I got onto the roundabout to go straight ahead.

A woman on the road to my left, didn't see me, and drove straight in front of me. And then I'm guessing she did see me, because she abruptly stopped. Right in front of me.

I have good brakes on the bike, and I applied them as hard as I could, and managed to stop before I would have crashed into the side of her car. But when you brake that hard, it's easy to lose balance, and that's what happened to me. I didn't hit her car, but I toppled off onto the tarmac.

I fell onto my right side, and lay there, in quite a lot of pain, and hoping that no-one would drive over me. The car drove away, but stopped a few yards further on and the woman came back. If she hadn't, she ould have been in serious trouble, because there were several witnesses, and someone took her number.

Meanwhile, another woman, who had first aid experience, checked me for broken bones, then helped me to the middle of the roundabout. Someone else called an ambulance, which arrived a few minutes later.

The crew checked me out, and decided that I wasn't so seriously hurt as to need hospital, so they took me, and the bike, home.

But by golly it hurts. The act of standing up hurts, sitting down hurts, moving my arms hurts, moving my legs hurts. I can barely manage a slow shuffle to get around. I'm on paracetamol.

Last time I fell off my bike it was on a bridleway, and it was entirely my fault.  Thus time it wasn't my fault, and the fall was onto hard tarmac. Last time it took months before I was fully recovered.

I gave her a piece of my mind, and she was very apologetic, it's never happened before. I explained to her about SMIDSY "Sorry mate I didn't see you". Hopefully she'll be more careful in future.

If you can't positively check that there's nothing coming towards you, then assume that there's a bike doing 10 to 15 mph, and that if you hit it, you'll kill or seriously injure the rider.

One cheer for Barclays

I don't know if this is a new feature, but I hadn't known about it.

It's page no the Barclays web site, which lets you check if a phone number really is a Barclays number.

Well done Barclays!

Sunday, 30 September 2018


I just used the word "moggiedawed" and the person I was talking to didn't know what it meant. So I explained it, it means confused.

Then I wanted to see if I'd explained it accurately, so I googled it.

To my great surprised, it came up with four hits. And all of them were me!

So I checked with ladysolly. She also knew the word, and had the same definition. I'm pretty sure I learned it from my mother. She thinks she learned it from her family.

Is this word local to the drsolly family? Or is it yiddish? If it were yiddish, I'd have expected a few more hits.

Wednesday, 29 August 2018

Vat reporting changes

Three ironic cheers for HMRC.

At the moment, in order to report my VAT numbers and how much tax to pay, I log into their web site and type the numbers into a form. Simple.

But I've just heard that they are "going digital". In future, I will have to type the numbers into a Excel spreadsheet and run some software that transmits the same numbers to HMRC. I wonder if that software will work on Linux? Fortunately, I still have a Windows computer, and I probably have an old copy of Excel somewhere.

How is that an advance?

Meanwhile, at the end of next March, we leave the EU. Unless we don't. And at that point, what happens with VAT?

At the moment, I charge VAT on all sales to EU countries, at the various VAT rates of each country, and then I use a thing called "VAT MOSS" to pay the VAT to the 27 EU countries. On sales to non-EU countries, such as the USA, I don't charge VAT, because they aren't EU.

What happens after March 29?

I have no idea. HMRC has no idea. HMG has no idea. Seven months from now, it all changes, and no-one knows what it changes to.

Instead of messing around with how I report UK VAT, they should be sorting out what's going to happen with VAT and Brexit.

Friday, 10 August 2018

Beep beep UPS

I was doing some routine maintenance in the Data Shed, and it gradually dawned on my that I could hear a beep beep noise, as of a machine in distress. My binaural beep-location soon tracked it down, it was the UPS that protects the router that converts the fibre optic cables from the street outside, to the ethernet that the data shed requires.

This device has two power inputs, which is a good idea for such a critical piece of kit. It means that if one power cable goes down, the router will continue to work. So I have each of those inputs on a different UPS.

I tried powering the UPS off and on again, that didn't work. So I decided to just bypass it, and connect that power input, straight to the power mains, without the UPS.

I did that, but the red light on the router was still on, indicating that it was only getting power from one source, the remaining UPS.

Which, now that the louder beep was silenced, I noticed was flashing its lights in a "help help" manner.

And then I realised that the two UPSes were on the same 13 amp power main, and that the neon light indicating power on the six-way strip, was off. Meaning, that there was no power going to the UPSes, and that explained the distress signals they were both giving me.

And then I noticed that the trip on the fuse box had gone. I still call it a fuse box, even though fuses on house supplies are long gone. So I flicked the trip, power was restored, and the UPSes stopped making distress signals.

And then I thought. I've been silly. I should not have had both UPSes on the same 13 amp mains power!

Fortunately, no harm done in this case. So I ran a power lead from another 13 amp mains supply to one of the UPSes, and now each UPS is on a different power supply.


From: Angie

Subject: hammer45

It seems that, (hammer45), is your password. You might not know me and you are most likely
wondering why you are getting this e mail, right?

in fact, I put in place a spyware on the adult vids (adult porn) web site and guess what, you
visited this web site to have fun (you know what What i'm saying is). During the time you were watching videos, your internet browser started off functioning as a RDP (Remote Desktop) which gave me accessibility of your screen and webcam. after that, my computer software obtained all of your current contacts from the Messenger, Outlook, FB, along with emails.

What did I really do?

I created a double-screen video. First part shows the recording you're seeing (you have a good taste haha . . .), and Second part shows the recording of your webcam.

what exactly should you do?

Well, I think, $11000 is really a reasonable price for our little secret. You'll make the
payment by Bitcoin (if you don't know this, search "how to purchase bitcoin" search engines like google).

Bitcoin Address: 16GcAcYntnJjJP1uApyYiuZRW5ryaf3Fsv
(It is case sensitive, so copy and paste it)

You've few days in order to make the payment. (I have a special pixel in this e mail, and at
this moment I know that you have read through this email message). If I do not get the BitCoins,
I will certainly send your video recording to all of your contacts including family, coworkers,
and so on. Having said that, if I get the payment, I'll destroy the video immidiately. If you'd
like evidence, reply with "Yes!" and I will definitely send out your videos to your 6 contacts.
It is a non-negotiable offer, that being said don't waste my personal time and yours by
answering this message.

This is a very old linkedin password (changed ages ago). And, of course, I haven't used it anywhere else.  I received six emails like this, asking for different amounts and with different bitcoin addresses. Also, the email itself was a bit randomised, using different words.

I wasn't aware that linkedin had been hacked, but on checking, I found that 117 million account details are for sale on the dark web, as of a couple of years ago. I do vaguely remember that I might have read abut this hack.

The email came from

If you get an email like this, don't worry. If you haven't changed your linkedin password for a while, change it now.

Tuesday, 31 July 2018

Another scam

I got a phone call. Apparently, my IP address is about to be changed! So I called them back.

I spoke to "Kevin Sharp". He had the usual difficult accent, and he asked my if I had Team Viewer installed (that's a commonly use Remote Access tool). No, I hadn't.So he talked me though accessing which is a very crude copy of a BT site.

I told him that my computer rebooted.

There was a conversation in Urdu in the background, and I was transferred to "Mike Morris".
Mike told me a whole selection of lies. First, he talked my through discovering one of Google's IP addresses, and told me that was my IP address. Then he told me that I've been hacked, and that someone tried to steal £904 from my account, but he's stopped that. He told me that this was because someone at my local Tesco was stealing my debit card number. But they now have a camera there, so they'll catch him soon.

Then he sent me to the fake BT site, and told me to click on a link there that would install a RAT (RemotePC.exe).  I told him I clicked on it and my computer rebooted. "It's been rebooting a lot recently, is this the virus?" I asked, innocently. He confirmed that it was.

More Urdu in the background. How stupid they must think we are. And they're probably right, they wouldn't be doing this is it didn't work, at least sometimes.

Then I panicked, and told him that I need to talk to my bank, to block my account, but he said he's already done it. I said I still felt that I needed to talk to my bank, and he offered to transfer the call to my bank. "Oh yes," I said eagerly, keen to find out how well they'd be able to impersonate my bank. But he didn't do that, and continued with his standard script. He wants me to visit my local Tesco. I have no idea why. He wants me to take my mobile phone with me when I go. I told him I don't have a mobile phone. "Are you sure?" he asked. I told him that it's possible that I hav a mobile phone that I don't know about. I think that piece of sarcasm flew over his head.

He asked for my address, so I gave him the address of someone who had spammed me a while ago. And he asked for my debit card number, and I gave him a 16 digit number to play with.

Then I told him I was very worried about all this, and I was going to talk to my bank,. and I hung up on him. That's so that when he tries to run the card, he isn't surprised that it fails.

Then I reported him to:

1) The Telephone preference service
2) Webnode abuse
3) BT Openreach

I'll give it an hour or two, then call him back. They don't get away that easily!

... later ...

I got an email back from webnode

" Webnode team, please check the content of the below-mentioned domain name. It looks like


Realtime Register Abuse Dept. "

One look at that site and they'll kill it, it's a very obviousd scam. A small victory :-)

Wednesday, 11 July 2018

Facebook fakes

It was recently noticed that there are a lot of fake accounts on Facebook.

These were set up several years ago - perhaps Facebook was less discerning then? They have the following characteristics in common. We see them when they try to join a group.

All claim to be in the USA
The account was set up several years ago, and contains two posts, one to set up the profile picture, and one to set up the banner. Then nothing for several years.
Many of them are an attractive woman in an attractive pose.
Others are an attractive man.
Many of them are members of several other groups with related subjects.

What is the purpose of these accounts, and the purpose of joining a group? Nothing good, I fear. By joining the group, they get better access to the members of that group. And here's what I've seen happen ...

The person offers to friend you. If you accept, then you later on get an invitation to a page, which is for a different person.

Reporting this to Facebook seems to have no effect.

How widespread is this?

I'm seeing more fakes than genuine people. That's a big deal. Is it possible that Facebook has less than half of the accounts that it claims?

Monday, 9 July 2018

Bojo bails

David Davis, Minister for Brexit has left the cabinet over the latest Theresa May proposal, supposedly agreed at Chequers.

Boris Johnson has followed suit.

I feel like I'm on the Titanic, and the crew hasn't merely given up on trying to save the ship or organise an orderly evacuation to lifeboats.

No. Half the staff have decided that now is the time to make more holes in the ship, and the other half have decided to shoot themselves in the foot.

So what now?

Can the May government survive this revolt? Is a leadership contest in the offing? Can Boris hold his nose and ally with Gove? Will Andrea Loathsome raise her hand? Will the Honourable Rees-Mogg indicate graciously that if asked to serve, he would not decline?

Dum de dum de dum de dum, dum de dum de dum dum ...

Bye bye Twitter

I just deleted my Twitter account. I've never used it apart from a few testing tweets. So it's just a database waiting to be hacked.

I only hope they delete my details.

Friday, 29 June 2018


People following this blog have been reading about the various hurdles I've had to jump in order to become, and remain, PCI DSS complaint.

I used to have to fill in a huge form each year, with a couple of hundred questions. And then, every three months, they would test my server to check that it was secure to their exacting standards. And if it failed (which happened whenever a new threat emerged, like "Poodle" or "Heartbleed"), I'd have to work out why, and make changes to the version of Apache, or the version of Openssl, or to the configuration, or whatever.

Well, all that has completely changed!

Last week, I got a letter from Barclays, telling me that if I didn't get PCIDSS complaint by September, it would cost me an extra 0.3% per transactions. "Oh dear," I thought, then I realised that this might put up the amount I pay them by about 5%. And that's the worst case scenario!

So I stopped worrying, and filled in their online form, which I was surprised to discover was only about a dozen simple questions. Then I waited a week while they got around to processing it.

Today, I got the phone call. I was asked several questions, which duplicated the questions I'd already filled in, and I don't know why they did that. And then the lady on the call said "That's fine, you're compliant for a year." What about the quarterly security test?" I asked. "No need," she said.

So I went to the Barclay's web site, and sure enough, I'm compliant until this time next year.

They've abolished the server test.

My server tests out as A+ on the Qualys test, so I'm not worried about that. But this means that they've abolished the server test for other people too, and I don't know how many others.


Have they stopped caring about computer security? Surely not.

Friday, 22 June 2018

Spam from China

In my de-spammer, I have a category of email I call "non-roman". This is all email in alphabets that I cannot read. Maybe it's spam, maybe it isn't, but if I can't read it, I'll never know.

In the last week or so, there has been a huge rise in spam in Chinese. This is only part of what arrived in the last several hours. Over the same time period, there were only 24 spams that weren't in Chinese.

Monday, 11 June 2018


IPv4 is the old familiar Internet Protocol, You get addresses like, four numbers in the range 0 to 255. That means there are 2 to the power 32 possible IP addresses.

When this was designed, that sounded like a lot, enough for indefinite use. This is 4 billion addresses, which is enough for half the people on the planet. Plenty, yes? No. They didn't anticipate the huge popularity of the internet, and it turns out that these 4 billion addresses are not enough. And there is an IP address shortage.

Enter IPv6

This consists of eight numbers instead of four. Which is 16 billion billion addresses. And that should be enough for a long time.


Everyone uses IPv4 today. And people keep saying "We have to move to IPv6" because we've run out of IPv4 addresses.

And they've been saying that for seven years now.

So today, I decided to start making a move. Step one, talk to TalkTalk, to get some IPv6 addresses, and for them to route them to my connection. So I contacted TalkTalk.


They don't do IPv6. In April 2017, their Chief Operating Officer said that they will in future. But in the 14 months since then, there's been a deafening silence. And when I asked their tech people, they said they don't do IPv6 and didn't know when they might.

So I explained that when my contract comes up for renewal, the existence of IPv6 support will definitely be a factor in which service provider I choose.

I can't believe that they haven't done this yet.

Saturday, 2 June 2018

Barclays Merchant Services, and VAT

Six months ago, BMS (Barclays Merchant Services) changed over to a new accounting system. So when the first new bill arrived, in a totally different format from the old bill, I compared the old with the new, and I found a major discrepency. Previously, they had been charging me £50-£60 VAT each month. Suddenly, the VAT number was £5.

So I called them up. Either the old figure was inflated, or the new figure was too low. It took them about six months to look into it, and eventually, I got a nice refund from them.

I wondered, then, what they would do about all their other customers. Now I know. I just got a form letter from them, explaining about this.

This blunder must have cost them a lot.

TLS 1.2

From a few weeks from now, data transfer with Barclaycard must use the encryption of TLS 1.2. This is a good idea, because it's currently the strongest protocol available.

Wow. I remember when the only way to do this, was for me to print everything out on paper, and trundle down to the bank with it. They would ship it off to their data center, and someone there would type it all in!

So anyway. I upgraded my systems to TLS 1.2 six months ago. But I got a reminder from them, and, suddenly nervous about whether it was all working right, I phoned them up to check. They checked my recent uploads, and confirmed that I was indeed using TLS 1.2

But I wonder how many companies are going to be caught short by this.

Sunday, 27 May 2018

Uploading files to web pages

This turned out to be a bit more tricky than I had thought.

You have to use a cgi that starts off like this:

 <FORM method="post" action="upload.cgi" ENCTYPE="multipart/form-data">

And then there will be various elements to the form, depending on what other data you want, and then:

Upload:          <INPUT TYPE=file NAME=filename>

Then you parse the result of the cgi using

use CGI::cgi_lite;

$cgi = new CGI_Lite ();
$cgi->set_directory ($images) || die "Directory $images doesn't exist.\n";
$cgi->set_file_type ("handle");
%in = $cgi->parse_form_data ();

The name of the file will be in $in{'filename'};

And the file itself will be in the $images directory that you set. But, the filename will have an extra 11 characters appended to it, that's to ensure that the name is unique. If you want the original filename, you have to strip those off.

Then the thing that really threw me. If the original filename contains spaces, then $in{'filename'} doesn't contain the filename, it contains the bytes of the file itself!
I have no idea why.

open UPLOAD, ">$images/upload.file";
binmode UPLOAD;
print UPLOAD $in{'filename'};
close UPLOAD;

Then you'll have to rename the file to something unique.

Friday, 25 May 2018

Facebook security

Facebook recently announced that they tightened up their security, and have removed 583 fake accounts.

And they've put uip a notice saying that if you log in from a different computer, they're going to do a check on whether you're really you. Which sounds nice.

So we went away for a few days, and I logged in from the hotel's wifi, using a portable I took with me. So the IP address was different, and if Facebook had dumped any cookies on my computer, they weren't on this laptop.

Facebook immediately spat me out. So this is their security is in action. But what happened next ...

They asked me for a mobile number, so they could send a six digit verification code. Obviously I'm not going to give them my usual number. I dn't want to start getting spam on it.

So, I went around the houses. I have an old iPhone 4, inherited from Ladysolly a while back, and just festering in a drawer. I went to Vodafone to get it unlocked, which was pretty easy. Then I did a full reset, to wipe off all the data.

Then I went to You pay £7 or so, and you get free minutes, texts and data. Not very much, and I think they're hoping I'll top up and pay for more. But I won't. And as a surprise, they gave me a second sim for an extra 1p. Nice. So I put the sim into the old iPhone, and gave Facebook that number.

And Facebook was happy, and I was happy, and everything is tickety-boo.


Facebook didn't actually do any verification of me at all. All they verified, is that the person who logged in, also owns a phone.

It's just more "Security Theatre".

So. In future, when I go away, I'll VNC into the computer that Facebook expects me to be using, and they'll never know that I'm hundreds of miles away, using my laptop. I tested it, and it works fine.

Thursday, 24 May 2018

Mouse pad

Mouse pads are important. You want something that isn't too rough and isn't too smooth, and which is big enough for your mouse movements, but not so big that it takes up too much desk.

Also, I want a gel pad for my wrist to rest on, so I don't get tendonitis.

For many, many years, I've been using the Fellowes "Gel wrist rest and mouse pad". They must be more than ten years old now, and they still work great.

So I just bought four more on Ebay, about £12 each.


Power supply difficulties

The power supplies in PCs are one of the components that wear out. Sometimes the fan goes, because they are mechanical. That's easy, I just replace the fan. But sometimes, it just fails.

They are easy to replace; PCs are like Lego, but with screws. I have a small stock of PSUs (power supply units), so that I don't have to order one each time one fails.

And my small stock has dwindled - time to order more!

So I had a look around, and Bluepoint were offering 15 refurbished PSUs (which means, second hand and wiped over with a cloth) for a mere £1.91 plus Vat. "I'll have some of those" thought I, and ordered 15. "Yes we have them, no they aren't in stock, but we can get them". They took my money, then called back. They don't exist.

So I tried another bunch of PSUs they had, for the same price.

Same problem.

So I tried another PSU that they had on their web site. Not available. So I explained, "look, I tell you what. Rather than me try to guess which of the products that you offer, I can actually buy, suppose you make a list of what you can actually sell to me, and put it on your web site? Because I'm tired of playing "Guess the product" with you."

And I went to eBay.

Where I found some excellent, brand-new, 700 watt power supplies for only £5 each, free postage. So I bought ten.

A few days later, I got a message frmo eBay. Someone had been very naughty, and the items didn't exist, sale cancelled. I went to Paypal, where I found that the £50 had not been claimed, so I cancelled the payment.

Which took me back to square one.

So I went on a rampage on eBay, and bought every PSU that was the right kind and was under £7, which means I now have 13 assorted second-hand PSUs on their way to me.

Fingers crossed!

Tuesday, 15 May 2018

Hungarian rhapsody

I've just received a third communication from the Hungarian tax people. The first two were complaining about a non-payment of VAT on two dates, both of which I had indeed paid.

I was dreading what the third would be. But it's OK! It was an apology for sending the first two emails. Apparently, a "technical error".

Monday, 14 May 2018

PCI DSS woes

It's PCI DSS time again! Every three months, an external agent (in this case, Sysnet Global Solutions) has to check my Secure Server, to check whether some newly discovered insecurity has caused the need for an update.

So I submitted the URL for checking, and it came back "FAIL". That was the start of the nightmare.

The fail, apparently, was that one of the chain of certs (certificates) used SHA1, and SHA1 is no longer considered secure. The recommended answer was to get back to the vendor of my cert, Comodo, and get them to sort it out. So I did that.

First, I tried using their chat function. Using that, they sent me this cert and that, but each time, I got the FAIL.

Then I tried again, next day. First one new cert, then another, and so on, and eventually they gave up and told me to email.

So I emailed, and the email I got back said, "Don't worry, it's a false positive".

I wasn't happy with that, and phoned. Over a two hour transatlantic call, the Comodo tech and I tried this, that and the other. He even got me to edit the certs around; taking a piece out of one and another piece out of another. And still it failed.


I learned a lot. Apache thinks that there needs to be three certs:

SSLCertificateFile SSLCertificateChainFile and SSLCACertificateFile

Actually, you can combine one of more certs into a single file. And until I understood that, I was getting a lot of grief, because Comodo were only offering two files. The SSLCertificateFile which is the file for my server, and the other file, which combines SSLCACertificateFile and SSLCertificateChainFile.

It turns out, that the problem lies in  the root certificate. The signatures of those aren't actually checked, so it really doesn't matter if they use SHA1 or not. They are trusted according to their identity, not their hash. And it was the root cert of Comodo that was SHA1.

So I boldly decided to tell Sysnet that they were throwing a false positive. I backed that up with quotes from Google and Microsoft, explaining that a SHA1 at the root wasn't a problem, and I put a cherry on top in the form of "I notice that the Sysnet web site also uses SHA1 for the root server."

It worked. After a week of agony, I got my cert authorised, and the cream of the joke is that I could have got it authorised the first time I'd tested it, if it hadn't been for that false positive.

But some good came out of it. When the time comes for me to renew my cert with Comodo for £90 per year, I shall instead be using "", which is free, and gives me a cert that the PCI DSS is happy about - I know that, because that's what I'm using now!

Friday, 11 May 2018

Let's Encrypt

Every "secure server" has to have a certificate; this is a text file that certifies that the server is encrypting.

I've been getting my certificates from Comodo, because I decided that Verisign were too expensive. They seem to be part of Symantec now, and Symantec want $399 per year for a cert, $1999 for a wildcard cert (which covers all subdomains of a domain name). 


Also, Chrome will soon be untrusting Symantec certs. It's a sad story.

Comodo were charging me $60/year. Now it's £90, more than twice what it used to be. Feh. Godaddy are a bit cheaper, about  $60/year, but they warn you that it will be $75 when you renew.

I'm already using for a few dozen domain names. Their big advantage is that it's free. Certs last for 90 days, but they make it easy to automate refreshing them.

So I thought, how about using this for my Secure Server? There's only one drawback to the certs from Letsencypt, and that is that they don't certify the name of the organisation. But when was the last time you checked the cert on a secured web site to verify that it really was the organisation you thought it was?  As long as the lock thing is shouling locked, and no alarming popups pop up, it should be fine.

So I downloaded certbot-auto, and made myself a free wildcard cert (the thing that Symantec wants $1999 for) and made myself a wildcard cert. I checked the server with Qualys SSL Labs and got an A+ rating, that's as high as it goes.

I just checked Barclays, my bank, and they only got a B! Naughty Barclays are still using SSL 3, which is known to be insecure.

So, while I was overhauling things, I also brought the server up to the latest Fedora, version 28, and the latest Apache web server, 2.4.33. And I also made a backup server, so I can slide that in immediately if the hardware goes pearshaped.

While I was building it, I had a bit of a clear-out of faulty motherboards. It seems to me that motherboards wear out; I'm guessing it's the capacitors. Anyway, that left me with a bunch of CPUs for which I had no motherboard. So I went to Ebay.

I found a guy selling suitable motherboards for £7 each, which sounded good until I noticed that each one came with a CPU and memory. Better than good! So I bought all six that he had.

Wednesday, 9 May 2018

Specific spam

This weird seed helps burns fat 1828% faster

This spam in interesting because of the strangely specific percentage.

Saturday, 5 May 2018

A strange cut-and-paste bug

I use cut-and-paste a lot. Often, I'm copying from a nedit text file, into the Firefox browser.

For a while now, that has stopped working. So I looked into it.

I can cut-and-paste from nedit into anything else, such as a terminal. That shows that copying from nedit to the clipboard is working

I can cut-and-paste from anything else into Firefox. That shows that copying from the clipboard to Firefox is working.

I don't understand it.

Upgrading to Fedora 28

Fedora 28 is out. So, naturally, I downloaded it and installed it on a machine. It worked fine. So I decided to upgrade more machines to 28. I ran into a couple of minor difficulties.

1. With Fedora 28, desktop icons are no longer there. It gives you a clean desktop - but I want my icons. I found this:

dnf install nemo

Then pico ~/.config/autostart/nemo-autostart-with-gnome.desktop and put into that new file:

[Desktop Entry]
Comment=Start Nemo desktop at log in
AutostartCondition=GSettings org.nemo.desktop show-desktop-icons

To start it, do

nemo-desktop &

And that gave me my icons back.

2. And then apache didn't work; this is version 2.4.33

pico /etc/httpd/conf.d/nss.conf

add: NSSEnforceValidCerts off

That's OK, because these servers are only accessed for http, internally.

Friday, 27 April 2018

New monitor

I just got a new monitor for a computer that I use regularly. It's 2560 by 1440 pixels, and 32 inches diagonally. It's big, it's beautiful and it's perfect. And it cost £189.99 on eBay, delievery free next day from Currys.


Wednesday, 18 April 2018

Defuse and diffuse

It seems to me as if journalists cannot tell the difference between these two words. They aren't even homonyms!

Defuse. That's what you do with a bomb. More metaphorically, that's what you do with a dangerous situation - you calm it down and remove the detonator and explosive.

Diffuse. When you add a drop of ink to a glass of water, the ink diffuses through the water, until eventually it's all mixed in.

Do, you do not "diffuse" a dangerous situation. You defuse it.

Please get these straight.

Thank you.

Monday, 9 April 2018

https blog

Visitors to this blog will no longer be able to access the unencrypted version (via http). All access will be via https.

It's not that there's anything secret on this blog - far from it. But this is part of a move on the whole internet to https.

Saturday, 7 April 2018

Hungary again

Several months ago, I got an email from Hungary claiming that I hadn't paid my VAT for Q1 2017, and I owed them 8.65 euros. I passed the email over to HMRC, because I use the HMRC VAT Moss system. That lets me pay the VAT to all 27 non-UK EU countries in one go, telling them how much goes to each. And then HMRC pays the various tax authorities in each country.  HMRC told me to take no action, they'd deal with it. So I just left them to it.

Today, I got another email, suggesting that I owe them for Q4 2017, the sum of 33.33 euros.
So I've passed that on to HMRC, and I've asked what happened to the previous demand?

Hungary is now quite low on my list of countries I love.


We triggered article 50 a year ago. A year from now, we tumble out of the EU. There might be some intervening period, of a couple of years, we don't know the details of that yet.

What I'm wondering is this. When I sell the USA, there's no VAT to pay, because the USA isn't in the EU, and I don't have a tariff to pay. When we are disgorged from the EU:

Will I have to still pay VAT on exports to EU countries?
Will the VAT Moss system still be there?
What happens during the two years when we're partially in ?

What's going on?

Tuesday, 3 April 2018

Data Recovery

Jeff Bones emailed me - his computer won't boot up and he has valuable data on it. So I asked him to bring it round.

I used to do data recovery professionally, but I haven't done that for 25 years. Just occasionally as a favour to a friend.

He was right. The Advent laptop computer got as far as a screen from Windows telling me about a problem. That's good, it shows that the drive is at least working. The drive is a 500 gb 2 1/2 inch Sata drive, a Western Digital WD5000 BEVT. I had a look around; those are pretty much unobtainable now, but there's lots of other similar 500gb drives for sale.

So I connected up an external DVD drive (I couldn't persuade the built-in DVD drive to read my DVDs, I don't know why, and didn't investigate it because I was happy to use my own DVD drive) and booted up from Fedora Linux Live. Fedora Linux Live means that I'm running Linux, but didn't install anything on the hard disk. Because if I did install on the hard disk, that would wipe out the data I'm trying to recover.

So Linux booted up fine. I connected it to my internal network, which meant I could ssh into it and run stuff on it without having to use the inferior laptop keyboard (all laptop keyboards are inferior to my beautiful IBM Model S clicky keyboard).

I had a look around, and I was able to mount drives sda1 and sda2, and I could see all the files. So now I need to copy the files. But there's 150 gb of files. Obviously Jeff didn't want them all; a lot of them were system files, temporary files, ancient backups and so on. But Jeff needs to think a bit to decide what he wants.

I started off by copying the files across the network to my server. But that was going astoundingly slowly (I don't know why) and wasn't really going to fully solve the problem. Because I'd need 30-odd DVDs to copy that lot. Not practical.

Then I had an idea. I have a 1000 gb external drive. So I connected that, and started copying the files to it. Then I stopped, because I realised that I had a linux ext3 file system on that drive, and can Windows handle that? I don't know. But Linux can handle an NTFS file system. So I deleted the partition on my 1000 gb, and made a new partition, telling fdisk that it would be NTFS. Then I formatted it as an NTFS file system, and mounted it to the laptop.

I used rsync to copy the files from the laptop to my 1000 gb, and I was surprised how quickly that went. So now I have Jeff's 150 gb of data on this external drive. I've suggested that he bring his new laptop round, so that I could connect up the external drive and check that everything is accessible, and then he can, in his own time, rummage through the files that I've rescued, and copy them to his new computer.

Job (probably) done. I've still got it!

Wednesday, 28 March 2018

Silence is golden

I have a nice 32gb HP workstation, but it's unusable because the fans are too loud. So I decided to do something about it. I bought three things from eBay..

Computer cooling fans can be loud when they run fast. There's two ways to slow down a fan. One is to use a lower voltage than the 12 volts they're designed for, the other way is PWM, pulse width modulation. PWM means that you switch the fan on and off rapidly, umpteen times per second. Less power, means it runs slower.

My first purchase (£2) is a little board that takes 12 volt input, and has three header blocks for fans, one for a thermometer and one for a buzzer. You set the desired temperature ranges with the dip switches.

Next, I bought a few PWM controllers each for a single fan, £2.25 each.

And third, I bought five 4-pin extension cables, to make life easier.

I installed the board and connected up the two external fans, and the fan that blew down on the memory. This immediately made the box a lot quieter. But still a bit noisy, so I used one of the single-fan controllers to slow down the fan cooling the memory, and that was good.

So I put the board inside a plastic box, to make sure it wouldn't cause a short circuit, and I'm happy with the result.

Monday, 26 March 2018

A health tax?

Jeremy Hunt believes that there should be a dedicated tax specifically to be spent on the NHS and social care.

What a bad idea!

If you don't think very hard, it sounds like a nice idea. More money for the NHS!

Or is it? If you have a "Health tax" that garners £10 billion per year, then hey! We could reduce the NHS money that comes out of general taxation by £10 billion!

If the NHS needs more funding (which is a separate question), then wouldn't it be a good idea to simply raise income tax, which would bear harder on the rich than on the poor?  Rather than invent a whole new tax system, with a herd of civil servants to administer it, with bookfulls of legislation to enact it, and providing an whole new source of revenue for accountants as they sought ways to minimise clients exposure to this new tax?

If you want more money, raise income tax. And don't try to fool us into thinking that some new tax is ringfenced for the NHS.

Jeremy and the Mural

I am not a great fan of Jeremy Corbyn, and I am definitely against antisemitism in any form. But.

Jeremy is being attacked because of a mural. The mural was being removed, and jeremy said that he was opposed to the destruction of art.

That was a while ago, on a Facebook group. And now, just recently, it is revealed that Jeremy supported an antisemitic mural.

But look at this.

I see a monopoly board resting on the backs of people. I see six men sitting round that board. The implication is that these six men are exploiting the guys under the table.

What I don't understand, is what is it that tells you that the six guys are Jewish?

None of them is wearing a skullcap. I see no star of David. No clothing as per orthodox jews. No payot (the curls that hang down by the ears of orthodox jews. Only one has a beard.

Behind them, there's the pyramid with the eye. That's what you find on dollar bills. It's not any kind of Jewish ting that I'm aware of.

I can't actually see anything that says "These are Jews".

What they are, is old white guys.

So I really really don't see how this is being portrayed as antisemitic.

But what do I know? The witchhunt has started. And everyone (other than me?) seems to have accepted the mural as antisemitic.

Sunday, 25 March 2018

Give that man a medal

Never mind about the flat-earth nonsense, this guy is a hero.

He built a steam powered (!) rocket (!) strapped himself into it (!) and soared to 2000 feet.

“Mad” Mike Hughes - give him a medal.

Friday, 23 March 2018

Healthcare should not be left to religion.

Healthcare should not be left to religion.

Dr Prakash Chandra Saxena, principal and superintendent of Government Ayurveda College and Hospital in Pilibhit, said, "Not just for medicinal purpose, we will promote cow urine as a health-giving drink. We have prepared a plan and will discuss it with Ayurveda department in Lucknow for approval. Drinking 10 ml to 20 ml cow urine daily will act as a preventive against seasonal diseases, like fever, cough and stomach-related ailments. Daily consumption of cow urine will also help increase people's immunity. Our aim is to make cow urine easily available to common public."

But don't laugh.

Narrated Anas:Some people from the tribe of 'Ukl came to the Prophet and embraced Islam. The climate of Medina did not suit them, so the Prophet ordered them to go to the (herd of milch) camels of charity and to drink, their milk and urine (as a medicine).
Sahih Bukhari 8:82:794

Stop giggling, there's more.

A woman has died after undergoing bee-sting therapy, a form of treatment backed by Gwyneth Paltrow.

The 55-year-old Spanish woman had been having live bee acupuncture for two years when she developed a severe reaction.

She died weeks later of multiple organ failure.

And that's not funny. Neither is this:

2-Year-Old Girl Dies After Faith-Healing Parents Refuse Medical Treatment

Jonathan and Grace Foster attributed the Nov. 8 death of their daughter, Ella Grace Foster, to "God's will," according to a police affidavit.

And, of course, there's homeopathy, the belief that plain water is medicine.
Well, at least it can't hurt, can it?

Right on its packaging CVS' homeopathic constipation relief says it's safe and non-habit forming. Yvette d'Entremont disagrees."I was an analytical chemist," said d'Entremont.These days d'Entremont uses her mastery of chemistry on YouTube as the 'Sci-Babe" debunking what she calls medicinal myths with science. As for the claim here of a non-habit forming laxative"There was 20% alcohol listed as an inactive ingredient," said d'Entremont. "This is 20% alcohol by volume which means it's 40 proof."That's 40 proof, by standards for purchasing liquor, yet sold over the counter with no age requirements.

Wow. That's as strong as whiskey!

Thursday, 22 March 2018

The divine origin of the Quran

After speaking to Muslims, I find that for many of them, the reasoning
goes as follows.

1) We follow Islam because the Quran came from Allah.

2) We know it came from Allah because of the many scientific facts in the Quran that we now know to be true.

3) These facts could only have been known by Allah at the time of the Prophet (pbuh) 650 AD.

The problem with this logic, is that 3) isn't correct.

Dozens of examples are given. I don't want this post to be too long, so I'll look at three of them that are commonly given.

1) The Big Bang. The Quran 21:30 tells us that the Big Bang happened, but scientists have only recently rediscovered this.

Not so. The Ancient Greeks proposed this. Anaxagoras in the 5th century BC
proposed this, 1000 years before the time of the Prophet. And the Hindu Rigveda proposed this also, 2000 years before Mohammed (pbuh).

But how could an illiterate Mohammed (pbuh) have read the writings of the ancient Greeks?

He had Companions. Not everyone in that region was illiterate. And people talk to each other. The origin of the universe is an interesting question, and would have been discussed often.

2) The different stages of development of the human fetus. How, before X-rays and ultrasound, could they have known about that? Quran 23:12-14

Because of miscarriages. And the Ancient Greeks, 1000 years before the Quran was revealed knew this. And the Bhagavata Purana, 100 years before the Apostle of Allah, gave an accurate account of the development of the fetus.

3. The waters salt and fresh, not mixing, Quran 55:19:20. This explains that you can have water that is salt, and water that is fresh, side by side, not mixing.

If you live by the coast, near a river, then you can go out in a boat and see this for yourself. It isn't hard to check. Fishermen would have known abuot this for thousands of years. But how would an illiterate man, not living by the coast, have known abut this?

Again - people talk to each other.

And, by the way, if you think that salt water and fresh water can never mix (as suggested by the Quran), try it yourself. Take a half glass of fresh water and a half glass of salt water, pour them into a single glass, stir well, and taste. It will be half as salty as the original salt water. And you don't need to take my word for this, you can try it yourself.

So here's my suggestion to Muslims. Look through the Quran, and find some true scientific fact that could only have had a divine origin. And I will undertake to show you that this fact was already well known at the time of the Prophet (pbuh).

Wednesday, 21 March 2018


Israel’s Chief Sephardic Rabbi, Yitzhak Yosef, called black people "monkeys".

And then his office made it worse, by explaning that he was quoting the Talmud.

If that's true, then we need to revise the Talmud. Call it Talmud, second edition.

We might need to revise the Old Testament, while we're at it.

But we definitely need to replace Yitzhak Yosef.

Tuesday, 20 March 2018

Annoyance number 4,592. Videos autoplaying.

When I go to a page that has a video, maybe I'll play it, maybe I won't. If I'm already playing another video, I definitely won't, I can't listen to two videos at once.

But HTML 5 lets videos decide for me.

To disable this in Firefox:

Type about:config in the browser's address bar and hit enter.
Confirm that you will be careful if the notification comes up.
Find the "media.autoplay.enabled"
Double-click on it.

Blessed silence.

Monday, 19 March 2018

The Irish question

There is an important question hanging over Brexit, that has not been resolved, and I can't see how it can be resolved.

It's the Irish question.

The Republic is in the EU. Soon, the UK will not be in the EU. So there will be a border. On one side of the border is an area with EU tariffs, on the other with UK tariffs.

When the UK was in the EU, this was not a problem; Eu tariffs = UK tariffs. But what now?

If we had a single free-trade area, there would not be a problem, even with the UK outside the EU. But this isn't going to happen. The hard-liners in the Tory party would rather cut their own throats.

If we had free trade between Northern Ireland and the Republic, that would solve the problem, but then there's a trade barrier between Northern ireland and the rest of the UK, so that isn't going to happen, the DUP would eat Theresa May *and* Boris before they let that happen.

So we are going to have a tariff barrier between Northern Ireland and the Republic, with customs barriers and infrastructure and everything that goes with a land border. Except that we've promised we wont. The Republic won't wear it, and they get a veto, as part of the EU27.

It's a problem like a fidget spinner, with three sides that you keep turning. Why didn't The Powers That Be see this coming two years ago?

Saturday, 17 March 2018

Italian scam for VAT part 2

Well, it turned out that it wasn't a scam. I really did pay my VAT to Italy in 2015 1Q, three months late. I can't remember why, this was three years ago, but I have a feeling it was because the HMRC Vatmoss system wasn't fully operational yet.

I contacted HMRC, and they confirmed the late payment, and my records said the same thing.

So I've paid them, Well, it was only 65 euros.

Poo in the post

I put some poo into the post box near me today.

Every two years, the NHS sends me a bowel cancel screening programme test kit. I have to take six samples of my poo, using the method they explain, and post it to them. They check it, and tell me if I have bowel cancer. So far, so good.

This is one of the benefits of a healthcare system where the priority is the health of everyone in the country. If the NHS's priority were profit, they wouldn't do this.

Aren't you glad we live in England?

 ... later ...

Result came back normal.

Sunday, 4 March 2018

School shooting shelters

When it became clear that WW2 was imminent, the UK government designed air raid shelters for families. These were called Anderson shelters, and they were effective against anything except a direct hit. So when there was an air raid warning (you usually got several minutes) the family would dress warmly, and get to the Anderson shelter in their back garden.

Anderson shelters were simple, cheap and effective. You got six pieces of corrugated iron, 1.95m by 1.35m. You dug out an area of the garden to a depth of a couple of feet, then covered that with the corrugated iron. Finally, you heaped earth over the top.

It worked. A family taking shelter in their Anderson, could emerge after the raid to see their house demolished by a bomb, which was terrible, but at least they were alive.

So how does this apply to school shootings? I went to Ebay. You can get 8ft by 3ft corrugated iron for £11 per sheet.  So if you bought six of these, and put it in the corner of a classroom, that would give you an area nine feet by nine feet by eight feet high; you should be able to get a teacher and a couple of dozen kids in there quite easily.

But will it be proof against bullets from an AR 15? I don't know (that could be tested easily). I'm assuming that it isn't, So what you do, is buy eight more sheets, and put those up as an outer shell, leaving a gap between the two shells. Then you fill that gap with sandbags; cheap and easy to handle.

And that will give you a shelter that would resist bullets. Add a door with a lock, and you have an Anderson Shelter. Total cost, £200. You would need one for each classroom. I would have thought that parents would be willing to stump up the necessary £10 per head, to keep their kids safe against a school shooter.

The bullet resistance comes from the sandbags. The corrugated iron is just a cheap way to make the structure.

Of course, I did all this in UK pounds, which is silly, because if you suggested this in the UK, people would say "Why?". But I'd guess that corrugated iron costs about the same in the USA (more after the Trump Tariffs start to bite) and that American parents wold be really keen on this idea.

Thursday, 1 March 2018

The acorn doesn't fall far from the tree.

Sir Oswald Moseley was the blackshirted scroat whi led the British Union of Fascists (usually known as the Black Shirts) until just before war broke out with Germany in 1939, whereupon he was confined to quarters until we'd dealt with his much-admired chum Herr Hitler.

Meanwhile, P G Wodehouse wrote a great spoof about a party he called the Black Shorts, led by a pugnacious bully called Lord Roderick Spode,

who usually got his come-uppance from Wooster and Jeeves well before the last chapter of the book. Recommended.

After the Battle of Cable Steet in 1936, when Moseley's Blackshirts were unable to intimidate the East Enders, his influence waned, reaching its nadir when WW2 started

Oswald Mosely had a son, Max. Young Max was involved in politics when he was a teenager, and the acorn doesn't fall far from the tree.

In 2008, there was this.

No longer a callow youth, Max turns out to have an interesting taste when it comes to his fun.

So he sued the News of the World in privacy grounds. After all, if someone wants to dress up as a Nazi and do sexy sado/masochistic things in private, that's not anyone else's business.

Max won the case. His private proclivities were, the judge said, not a matter of public interest.

But in the course of that case, reference was made to an unpleasant-sounding leaflet, with racist content, used in a political campaign that he was involved in, and signed off by him. Unfortunately, no-one had a copy of the leaflet, so his denial was accepted.

Now the leaflet, which says it was "published by Max Mosley" has surfaced. It includes ""Protect your health. There is no medical check on immigration. Tuberculosis, VD [venereal (sexually transmitted) disease] and other terrible diseases like leprosy are on the increase. Coloured immigration threatens your children's health."

He's in a bit of a pickle. Did he commit perjury? I don't know, but the penalty is seven years if he did. Here's Max being interviewed by Channel Four News.

 The acorn doesn't fall far from the tree.

Thursday, 22 February 2018

OK, Google

My Google Home mini arrived, and it's rather nice. It's a puck-shaped thing, about four inches across, and I can ask it to do things. So, for example, I asked it how long it would take me to drive to Leighton Buzzard, and it told me 55 minutes, which is right. And the weather, and whether pigs have wings. And apparently, some people think they do. Huh. Who knew?

But what I really want to do, is use it to control things.

So first, I installed the Google Home app on my iPhone, and used that to go through the rather simple setup steps for the Google Home. Mostly, this is to tell it the password for my wifi. And then - let's take CONTROL ...

I already set up a Pi Zero with a pair of relays, controlled via the GPIO ports, and a cgi so that I can switch them on and off over the web. So I decided to use that for the experiment.

Here's how I did it.

The key thing is the ifttt web site. I registered on that, and set up an app.
What my app does, is if I say "OK Google, switch on one" then Google Home talks to ifttt, and ifttt accesses my Pi Zero over the internet, and runs the cgi. The URL it accesses looks like this.'lights=on&port=1'

Where instead of on I could say "off" and instead of 1 I could say 2. Except that it doesn't seem to be able to understand the word "two". But it can understand three. Not four. Yes five. Then I thought, Two is a homonym for "to" and "too". Four is a homonyn for "for". So what works is 1, 3, 5, 6, 7, 8, 9, 10, 11, 12. So I think it's a homonym problem.

The way round it is to say "OK Google, switch on number two" and that works.

So I can switch either of the two relays on or off with a voice command.

Wow! This has potential!

There's a way I can use a Google SDK to make a Google Home on a Raspberry Pi, and I'm planning to have a bash at that; I have a few Pies not doing anything right now.

Friday, 16 February 2018

Hungary wants money

I got an email from the tax office in Hungary. They are saying that although I declared my VAT owing to them on Q1 2017 as 9.65 euros, I haven't paid them.

I have, of course, via the HMRC MOSS system, which lets me pay my VAT to all the EU countries as soon as I've calculated how much is should be. I pay it all in one lump, for all 27 EU countries (UK vat is paid in a different way) to HMRC, and they are supposed to take it from there.

This is annoying. I'm also being chased by the Italian tax office; they claim that in 2015 Q1, I paid the VAT three months late. Again, I didn't. I paid via HMRC's Vat Moss. So, three years later ...

Although I do believe that staying in the EU would be best for the country, these erroneous demands for small amounts of money are starting to annoy me. Just think, from 1 March 2019, I won't have to pay VAT to EU members. Or will I? No-one knows what will happen.

Another scammer

This one is with BT, at least that's what he claimed. Apparently, my IP address is being used in California. Oh no! So ...

First, he established that I have a computer. But I dn't know what browser I'm using. He suggested a few, but dopey me, I just don't know. So then he told me to find the Ctrl key. "Hold on," I said.

After a few minutes, I cme back. And then he wanted to know what key was next to it. He's looking for the Windows key, which my beautiful IBM Model S, vintage 1983, does not have. But I lied to him, and said, after a few minutes pause, "there's a sort of squarey squidgy thing".

At that point, he realised that the computer wasn't next to the phone. So he suggested I move the phone. No can do, there isn't a phone point where the computer is. So do I have a mobile? No.

So I suggested that I move the computer to where the phone is. Fun fun fun.

So then I left him waiting for five minutes, while I "moved the coputer". He called again, and I told him that he just interrupted me moving the computer because I went to answer the phone. "Do you do internet banking," he asked. I told him I did, just to get him excited.

Because I'm pretty sure I know this scam. He wants me to install a RAT (remote access tool) so he can take over my computer, install his trojan, and then charge me money to remove it, which he won't do anyhow. I've been here before.

So now I've moved the computer, but I haven't moved the screen yet. We had a lottle chat about that. These CRT screens are *heavy* and it takes a long time to move them, especially for an old geezer like me. Puff puff. And the keyboard.

And when it's moved, I have another disappointment for him ...

He wanted me to connect to, which, I guess, he wants me to think is a BT site. I checked the whois, it's a Czech company. I've emailed them to alert them to the problem.

The internet connection is back where the computer used to be.

So he told me to take the computer back there. But that was after a riff that I dn't really understand, when he was asking me to look at the bottom left hand corner of the screen which is where the time is? Only it isn't. Maybe his version of windows is different from mine.

So now I'm "taking the computer back again" ...

So now, as if by magic, I'm able to sit in front of the computer and use the phone. So he talked me through starting up a run box (Windows-R) and

And the computer rebooted.

So he took me through the same process again

And the computer rebooted again.

So he took me through the same process again

And the computer rebooted again.

 So he passed me over to his manager, Mark Roger. Who got me to run Google, and do a search on "my 1p address" (not my ip address!).
IP Address66.249.79.92 [Hide this IP with VPN]
IP LocationMountain View, California (US) [Details]    

OMG! He's right! Time to panic ... (actually, it's a googlebot).

So he sent me to And the computer rebooted.

He told me that this is caused by the "hackers" locking me out from the british-telecom web site. 

He thought that maybe it is a loose power cable. So he got me to unplug and plug it back in.
And I was a bit clever here; I unplugged both ends of the cable and plugged it back in. Not excessively clever, though - I didn't switch it back on until he told me to.

So then it rebooted, and Windows came back up, and I told him that, abd he said "yes yes" and then the phone line went dead.

Am I rumbled?

Thursday, 15 February 2018

Going SSL, part 2

The two sites I upgraded seem to have gone well, so I did all the others. That turned out to be more complicated, because some of them are spread over more than one computer, and some of them have subdomains.

And then I decided to upgrade one of the computers, which was running Fedora 9, to the current Fedora 27. And that included upgrading the version of perl, and the newer version of perl has things that are no longer allowed, such as defined %array. So I had to change that.

Also, if a page includes something dragged ni from another site, then if that other site isn't using https, then the whole page shows up as "insecure".

So I've fixed that where I can, but in some places, it actually can't be fixed. That's usually a page that references a graphic from another site

Saturday, 10 February 2018

Going SSL

Chrome have announced that, come  July 2018, which is only six months away, if the browser accesses a site using http instead of https, it will be flagged as "Not secure".

For most sites, it really doesn't matter much if a site is secure or not. After all, we've been just fine using http for decades now, and only insisted on https when using Paypal or your bank, that sort of thing.

What https gives you, is end-to-end encryption. So the content coming from the remote server to your computer, is encrypted before it leaves the server, and only decrypted when it reaches your computer. So the picture of a kitten that you're viewing, is safe from prying eyes in between.

There are obvious advantages in increasing internet security. Firefox are moving in this direction too. But this is going to have a big impact on some sites, because if you don't move from http to https, that "Not secure" flag in the browser URL bar, is going to worry some (maybe most) users, who won't really know the implications, except that "Not secure" sounds really bad.

So I've started to get ready for this.

First, I've recompiled and reinstalled Apache so that it includes support for https. But then, each site that I manage will need a certificate. That certificate will tell Apache how to do the encryption.

Usually, these certs aren't cheap - you might pay $50 per year, per site. But there's a way round it. Let's Encrypt offer free certs. These aren't as flexible as the certs that you pay for - my paid-for cert on my Secure Server (the one I use to collect money from people) not only drives the encryption, it also reassures the user that I am who I say I am (if they know how to look at the cert, and I doubt if anyone ever does).

So, last November, after I installed the https version of Apache, I applied for a few dozen certs. It was a bit tedious setting this up, but I soon had it pretty much sorted, and that gave me all the certs I need, for free. They only last three months, but updating them is also free, and it's a lot easier to update them that to get them in the first place. You do

getssl -a

And it takes a while, but after several minutes, I was all updated.

Next, I needed to change the Apache config files, to tell it two things. First, where the certs were. Second, that I wanted it to use port 443 (that's the https port) as well as 80. And thirdly, I told it that if any user asked for an http connection, then it should switch to an https connection. That means I won't have to change a humungous number of links, both on my web sites, and scattered all over the internet. To do this, I used redirect.

Redirect permanent /

This redirect is so permanent, that Firefox, once it's seen it, remembers it, like, forever (there is a way to clear Firefox's memory of that). That caused me immense problems, because I hadn't known this, and my first effort was slightly wrong, and when I fixed the mistake, Firefox was still going to the wrong place, and I spent a lot of anguish and elbow grease trying various things to fix a problem that I had already fixed, dammit, except that Firefox carried on redireccting to the wrong place, until I cleared it's mistaken redirect.

So, I've changed two web sites over to being all https. I'll wait and see if there's any unpleasant side effects, but I don't think there will be, and I'll change everything else to https.

If you have a web site, you should also change over before July 2018.

Tuesday, 6 February 2018

Gold scam

Dear Sir/Madam

We are village local gold miners located here in Mali in West
Africa we hereby make this offer of au metal gold dust under the penalty
of perjury with full responsibility. the purity bellow.

The purity bellow.
1. Product:Au metal (gold dust)
2. Origin:mali,west africa
3. Type: alluvial
4. Purity:92.7% or better
5. Carats:22+
6.Pirce $26,500 USD

We are searching for a serious gold buyer,whom we can establish a long
term business with,to enable us discuss the procedures of delivery and
payments,you know that the local minners has not being to school in this
case they don't understand the baking procedures about gold,now is you
or your mandate will explain to us how you will want the business to be. i
want you and your company to be my AGENT.

Best regards.
Mr Mohammed Alpha

Saturday, 27 January 2018

The Orange Pi

Rummaging round in Hobbyking, I came across the Orange Pi. It's like a Raspberry Pi, but cheaper and with more.

£6.31 gets you an Orange Pi, with a quad core, 1gb memory, 10/100 ethernet, card slot, wifi and 4 USB ports

£14.04 gets you an Orange Pi Plus, with a quad core, 1gb memory plus 8GB flash, sata and gigabit ethernet and 5 USB ports.

The Raspberry Pi 3 is £30, by comparison.


Massive malvertising

I should have thought of this.

Instead of just feeding malicious software into genuine advertising agencies, how about setting up your own malicious agency? And if not one, how about 28? And that's exactly what happened.

So you set up a 28 fake ad agencies - that's easy enough, it just takes a bunch of web sites and some fake profiles on linkedin. Then those agencies contact web sites and offer money for ads on genuine web sites. And although they promise to pay, they don't actually have pay for those ads - this is a criminal enterprise.

So unsuspecting users are deluged with malvertising from malagencies. Here's the details.

That's why I block advertising. Not because it's annoying and intrusive, but because some of it is actually malicious.

Friday, 26 January 2018

Fixing the Masterswitch

APC make a product called the Masterswitch. The ones I have are about 20 years old; I have three of them, and two are in use. They let me control the power to any of eight outlets, which means that I can switch computers on or off, remotely. From anywhere!

The one that isn't in use, is out of action because I can't access it via the ethernet port. I can access it via a serial port, but that's a bit clumsy. I wanted to fix it.

It's been like that for several years, but a few days ago, I had a sudden thought. Maybe the problem is just the ethernet card? So I went on to eBay, and discovered that these cards (AP9606) cost about £25, whereas I can get an entire second-hand Masterswitch for about £70. And I didn't actually know that buying that £25 card would fix the Masterswitch.

But I told eBay to email me if anything came up, and hey! A card was offered for £12.86, so I grabbed it. It arrived today.

I put the card into the faulty Masterswitch, and accessed it over the serial port, in order to set the IP address and suchlike. Then I tried to use it. No luck. And after trying this, that and the other, I suddenly realised that this hadn't come out of a Masterswitch, it had come out of a UPS; APC also make very nice UPSes. So the card was trying to control a UPS, it had no idea about eight switchable power outlets.

Hey ho, I thought, that's £12.86 wasted. And then I had another thought. I looked at the old card, and it had a label on it that said:

Model: AP9212
AOS: aos253.bin
APP: ms202.bin

So I'm guessing that aos is the operating system, and ms202 is the Masterswitch software. So maybe I can upload those to the new card?

I googled around, and found the software on the APC site, here. I downloaded the latest version, vintage 2001 (I told you I've had these for a long time) and used ftp to copy the files to the Masterswitch. They copied just fine!

Then I rebooted the Masterswitch, and it came up nicely. And then I accessed it via the web interface over the network, I was able to switch outlets on and off just perfectly.

Job done!

Monday, 22 January 2018

Network switches

After one of my network switches crashed catastrophically, I needed a replacement, so I went to eBay.

I should first explain what a network switch is. Each computer has an ethernet port (or uses Wifi, but most of mine use wires). The cable from that port, goes to an ethernet switch, and that acts as a kind of traffic manager. Like roads leading to a roundabout?

The switch that failed, was a 32 port switch, but I've grown a bit since then, and I looked for a 48 port switch. And I wanted it to run at 1000 mbit speed (gigabit) because I've been using gigabit speeds on an increasing number of computers. The cards cost just a couple of dollars now.

You have to be a bit careful; some switches have just a few gigabit ports and the others are all megabit. I wanted a switch that was all gigabit. So I went to eBay and rummaged.

I wound up buying a "3com Baseline Switch 2948-SFP Plus" for £30. And after a bit of thought, I bought another one for £35. These give me 48 gigabit ports, so I can put one on my front rack and one on the rear rack.

I installed the front rack switch, and that was working well. So I looked at the rear rack switch, and decided that before I installed it, I'd have a play around with it, to see what else it could do. And I was amazed! This is what is called a "managed switch". You can disable ports, or restrict the speed. You can monitor the throughput of each port, and tons more.

So after playing with my new switch, I installed it, so now my main Data Shed is entirely gigabit switches.

And then I went to eBay about bought another "3com Baseline Switch 2948-SFP Plus" for £35. The only thing I don't really understand, is why they are so cheap!

Sunday, 21 January 2018

A consulting job

This happened a couple of decades back. I was asked by a computer dealer to appear in court as an expert witness. They wanted me to swear that a 10 mbit ethernet network, is 2.5 times as fast as a 4 mbit token ring network. They had replaced, for a customer, their old Token Ring network with a new ethernet network, and the customer was complaining that it ran very very slowly now. And this was going to be a court case, because customer wanted dealer to rip out the ethernet cabling and hardware, and reinstall their old token ring, and that would be very expensive for the dealer.

It sounds like it would be faster. But networks aren't quite that simple. And why would the customer be wrong about this? So I said "I need to visit and have a look at this." "The dealer said, "Why? It's very simple, 10 mbit compared to 4 mbit." So I explained, when I'm up on the witness stand giving my expert opinion, and the cross-examination asks me "So, Dr Solomon, did you actually go and look at this network?"  then I don't want to have to ansewr, "No, I'm just guessing."

So we made an appointment, and I went to visit the customer. The customer showed me; he started up Dataease (a database that I knew and loved) and nothing happened, for a very very long time, until eventually, the opening screen came up. "Odd, I though, "that should have been instant, they haven't actually done anything yet." So we closed it down, and started it up, and this time I went to watch the server. And the disk light was flashing, and flashing, and flashing - lots of disk access, and eventually the database started up.

"Hmmm, I thought, "I wonder what's causing that?" So I started it up again, but in single user mode, and this time, it came alive instantly. The customer was watching, and said "Yes, that's more like it! Well done, you've fixed it." No, I hadn't. You can't use a multi-user database in single user mode, there will be collisions. But it was clear what was wrong; the database was implementing locking by opening little files to indicate "File in use", and closing them, and opening them, and so on.

So, how to fix this? I phoned Dataease tech support; I had a good name to talk to, which got me past the front line support "Have you switched the monitor on?". And he said, "Yes, that was version 4, but version 5 does proper in-memory locking using the operating system locks." "So how can I get an update?" I asked. And the customer interrupted, "Do you mean this?" he asked, waggling a copy of Dataease 5 that they had been sent but hadn't bothered to install.

So  I upgraded their software, ran it multiuser, it was swift as an arrow, everyone was happy (the customer, the dealer and me - but not the lawyers who had been deprived of their fees).

Job done.

Thursday, 18 January 2018

Power controller

I use APC remote control power distribution units. They give me eight power ports, controllable remotely via my network; very nice. It means that I can be on the other side of the world, and reboot my computers.

I used to have three DSL lines, used for backup across the internet, because they were cheaper than my old 2mbit leased line. When I moved to a 100 mbit connection, I didn't really need them. But I kept one, because A) it gives me at least some connectivity if the 100 mbit line goes down (which it has, they called it routine maintenance, but they didn't warn me in advance, so I claimed compensation, which I got) and it also means that I have a way of accessing my network from "outside".

The APC PDU was still there, now controlling only one DSL router. Which is a waste, I could find a use for that elsewhere. So, I thought, let's make a remote rebooter from parts in my parts box.

I used a Raspberry Pi, of course, version 1. I also had a little relay board, they cost £1 on eBay.

The DSL is powered by a plug-in power supply which claims to give 12 volts; it actually gave 15 volts. Too rich for the Pi, I already fried one that way! So I used a step-down converter (eBay, £1.33) to get it down to the needed 5 volts.

I connected pin 2 of the Pi to give the relay its 5 volts, and pin 6 for the ground. Pin 12 is GPIO18, and that was the pin that would switch the relay. So the 15 volt PSU supplied the Pi after going through the converter, and also supplied the DSL router, after going through the relay.

The software to control this was pretty simple. First, run only once after boot-up, to set up the Pi gpio pin.

# put the gpio pin 18 (physical 12) under control of the kernel
echo "18" > /sys/class/gpio/export
# make pin 18 an output pin
echo "out" > /sys/class/gpio/gpio18/direction

Then, to switch on, I do "gpio -g write 18  0" and to switch off, I do "gpio -g write 18  1".

Instead of having to log in to do this, I implemented a little cgi, so that I can access it as a web page and click the on or off button.


Wednesday, 17 January 2018

How to activate your HSBC debit card

Why does the card need activating? Is it a security thing, in case the card the posted falls into the wrong hands?

So I phone the number they give, 0800 783 5263 and the rest was automated. It asked for the card number, which I gave, and then to ensure that it really was me calling, they asked for my date of birth.

Wait, what? They think this is something known only to myself and HSBC?

No wonder there's so much fraud.

Network down

I got up this morning to find my entire network down. I did a few checks, then went down to the Data Shed to see if I could spot the problem. I saw, almost immediately, one of the big gigabit switches (32 ports) was flashing all ports. I powered that switch down, and my network came back to life.

I think the switch had simply gone gaga, and was throwing packets onto the network as fast as it could. I doubt if it's something I can fix. So I replaced it with one of my old 100mbit switches, and now everything works.

I use gigabit on most servers, because it makes throwing huge amounts of data from one server to another, very fast. I need that when I'm backing up terabytes of data. But for external access, the limit is 100 mbit, because that's the speed of my line.

I would like to use a gigabit switch instead of that temporary 100 mbit switch. So I went on to Ebay, and found a 48-port gigabit switch for £30. Which is not bad, since a 48 port gigabit switch is, when new, over £200.

 ... later ... So then I bought another one for £35.

Monday, 15 January 2018

Dental diagnosis

Time for my annual tooth check. So I toddled down to the dentist.

She poked and prodded, and stuck something sharp into my gums, and after a somewhat uncomfortable five minutes, she gave me the all-clear!

Friday, 12 January 2018

The Black Baron

This is about the first themed show that we did. We had previously done the same chrome-and-white-plastic shows as everyone else. In order to be taken seriously, you have to be serious. And boring. And people forget everything you told them as soon as you've finished talking. So I decided to try something completely different.

This was just at the time when viruses had been written by someone calling himslef the "Black Baron" - he turned out to be a British guy from Plymouth. He called his viruses Smeg.Queeg and Smeg.Pathogen, and generally seemed to be a fan of the TV show "Red Dwarf". The interesting thing about his viruses, was that they were very polymorphic. at a time when polymorphic viruses weren't common.

Before the show, I thought about what we could do, and I put together a mini-presentation, to show to our sales and marketing people, with sound from a tiny tape recorder, and I hoped they could use their imagination to see what the real thing would look like. I heard a whisper "Is he serious?".

I wanted to impress on the audience that, no matter how clever the author of the viruses were, we were cleverer, and were completely on top of the situation.

The occasion was Softteach, a show put on by distributor Softsell, aimed at dealers. And what dealers want, of course, is something they can sell, for a profit. And which doesn't cause them hassle later.

So my commercial pitch was this. We're giving you a free copy of the Antivirus Toolkit, and you can sell it to whoever you want. Because when someone wants an AV, they want it RIGHT NOW, not after a couple of days for delivery to happen. But when you sell it, you'll re-order, right? So that you can keep on selling it. Also, don't worry about tech support. We do all that, we have a free tech support line. And don't worry about us undercutting you on price - I promise that we won't sell copies to anyone at anything other than our recommended list price. So the message was "You can make money out of this".

So that was the main message. I know what turns dealers on. But that's boring. So I decided to explain to them about how polymorphic viruses worked, using an animated Powerpoint presentation to show how the viruses self-mutated in each copy. Also boring, but really the point I was trying to make is "We know what we're doing."

But how to make it really interesting? At Softteach, each vendor had a room, and you do the same presentation several times over the two days. We installed a really good sound system in our room, and we controlled the lighting.

When the dealers came in, we were playing the theme tune to "Red Dwarf", which was so popular at the time, everyone recognised it. Then, when everyone was sat down and the room filled, we started. "I'm going to tell you about the Smeg viruses, written by "The Black Baron" and when I said "The Black Baron", we did a flash of lighting and a crash of thunder, really loud. Which they weren't expecting, so it made them jump. And from then on, whenever I said "The Black Baron", we hit them with lightning and thunder again. And the presentation was quite technical (these are dealers, so they do understand about computers) and it didn't matter that it was over their heads, because A) we were flattering them by being so technical and B) we were saying "We know what we're doing."

We all wore t-shirts with the message "Smoke me a kipper" and  a picture of one of the Red Dwarf characters. I still have one of those t-shirts.

Word soon spread "Have you seen the S&S presentation? You've got to see it?" and we were packed out. We gave away hundreds of free Toolkit copies to these dealers and from that time on, whenever anyone asked for an antivirus from those dealers, they were sold one of our Toolkits. Which was, at the time, the best product around, so everyone gained.

And it was so much fun to do!

Except for Chris Pile, The Black Baron. He was apprehended, pleaded guilty, and was sentenced to 18 months.

Thursday, 11 January 2018

Evolution explained

Some people have a wrong idea about what evolution is, and they rightly think that their vision of evolution is nonsense and implausible. Monkeys don't change into people. And that's right, they don't. That isn't how it works.

For evolution to happen, you need three things.

1. When animals produce young, the young are a bit different from the parents.
2. The characteristics of the animal, are inheritable.
3. Something chooses which of the young will survive and reproduce, and which won't.


So, 1 is obvious. You are slightly different from your parents. Animals are diferent from their parents too, but since to us all sheep look the same, that isn't obvious. But it's true for all animals.

The differences might be, you're taller or shorter, you're more or less clever, your hair might be a different colour, your skin might be lighter or darker. You might be better or worse at seeing, hearing or smelling things.


We also know that characteristics are inheritable. "Doesn't he look like his father!" is something we often say, or "She's got her mother's nose". And if you look at dogs; two greyhounds make greyhound puppies, inheriting the characteristics of their parents. But if you mate a greyhound with a bulldog, you get something that is a bit like both, inheriting some of the characteristics of each parent. It's only relatively recently that we found out the reason for this, and we call the study of this "genetics".

Humans choose

Now consider dogs. For a very long time, humans have chosen which of the litter to keep, and which not to keep. As a result, there are numerous breeds of dog which are very different from each other. This demonstrates that it is possible, over a period of some millenia, that dogs can become many different breeds.

But dogs are still dogs. Greyhounds can mate with bulldogs (although I'm not sure how a chihuahua would cope with a Great Dane).

In this case, it was humans who did the choosing.

God chooses

Another way for this to happen, would be for God to choose. If you believe in God.

Nature chooses

The third way, is for nature to choose. If some of the lion cubs are faster, then they are more able to chase down prey; the slower ones will find it more difficult to catch prey, and will eat less well. The faster cubs are more likely to grow to adults and breed, and be able to feed their young. So pressure from their environment, pushes lions towards being able to run faster, or hide better, or kill more easily.

It takes generations. Evolution is slow. Animals don't change, it's populations that change, and they change in response to environmental pressures. But in a few short generations, we can already see changes; there are (and always have been) elephants without tusks. That used to be a disadvantage; tusks are useful tools. But today, a fine pair of tusks can get you killed for ivory. Tuskless elephants don't get killed for their ivory, because they don't have any, so are more likely to survive and reproduce. And they pass on the inheritable characteristic of "having no tusks". As a result, the percentage of tuskless female elephants has increased from 10% in 1969, to 38% in 1989. So here, although humans aren't intending to create tuskless elephants, human predation is giving that effect.

Natural evolution is even slower. The variations are quite small, and the advantage gained can also be small. But even a small advantage, over millions of years, can result in big changes.

For example, consider a populations of rabbits. Rabbits all over the place! And then, something happens, such as when the UK changed from being part of the continent, to being an island. Now there are two populations of rabbits, unable to interbreed because rabbits can't swim that far.

So what happens if the environmental pressures on the rabbits are different. Suppose the mainland rabbits are mostly predated by wolves; the island rabbits by eagles. On the mainland, natural selection will favour rabbits that spot wolves and get into their burrows quickly. On the island, natural selection will favour rabbits that spot eagles when they start to dive.

Mainland rabbits will be looking around them and listening for wolves; island rabbits will be looking upwards. On the island, selection will favour rabbits that mostly look up, and keep their heads turned up; also, they need better eyes, to see the eagle while it's still high up. Mainland rabbits will be favoured if they can run faster.

Over a long period of time, the island rabbits will tend to rest in a position that scans the sky and have good eyesight; mainland rabbits will develop more powerful running legs. Eventually, both populations will have changed so much (remember how much dogs have changed in only a few millenia?) that you wouldn't call either population rabbits any more. The island creatures are we now call skyscanners, and the mainland creatures are called fastrunners. And if you try to mate a skyscanner with a fastrunner, they are so different that they can't breed together.

And that's how evolution works.