Pages

Thursday 31 October 2019

Dead in a ditch

So here we are, October 31st, and no Brexit.

I did my best. I did all the preparations that the government said I should do for a no-deal Brexit. It was immensely expensive and took a lot of time, and this is the second time I've done this (including the stockpiling of many toilet rolls). And it isn't just me, it's millions of businesses all over the UK that responded to the £100 million government advertising campaign (taxpayers money, coming partly from my pocket, utterly wasted).

Every time I rolled down the motorway, I saw numerous signs telling me that freight arrangements would change on October 31st, and I'd better get ready for that. I saw huge roadside billboards, many radio adverts and even in the newspapers.

All for nothing.

So here we are again - the kick-the-can date is now set at 31 January 2020. We're having a general election on 12 December and will consider the Boris Bill for Brexit. Parliament will start to consider this mammoth bill on 16th December, and will, no doubt, propose many amendments, some of which will pass and some of which won't.

My only pleasure in all this, is listening to Nigel foaming at the mouth and telling everyone how furious he is, and inviting other peope to be furious with him (who reassure him in dulcet tones with "Yes, Nigel, I'm furious too"). Yes, Nigel, we're furious, but mostly with you for shoving your oar in when it wasn't wanted. Before 2015, the only time we heard about the EU was when it was being blamed for something that was plainly the fault of our own government; after 2020, the only things we will hear about the EU will be when it is STILL being blamed for things that are plainly the fault of our own government.

In 2016, I wrote a blog post analysing the benefits of Brexit and Remain, and concluded that it is always an advantage to belong to a Union, whether you are a Post Office worker or an American state. Leaving the Union, means that yes, we no longer have to pay our Union dues and can spend the savings on beer and cigarettes, but on the other hand we lose the benefits of collective bargaining in a world where the UK is a minor player compared with China, the EU and the USA.

However.

I am not in favour of another Leave/Remain referendum, because that won't make the situation any better, whichever way it goes. I am in favour of another General Election, because I believe that will clarify the minds of the Tories, the Labour party, the Brexit party, the Libdems and UKIP. The Tories will win a majority (and unfortunately lurch to the right), Labour will be drubbed (and will eject the architect of that loss, Jeremy Corbin), the Brexit party will win a few seats, (but will mostly divide the Labour vote leading to the above mentioned drubbing) and the Libdems will make some modest gains and crow about them as a mighty victory. UKIP will vanish like the morning dew (they just changed leadership again, but they are indelibly marked by their welcome of "Tommy Robinson" (Stephen Yaxley-Something) and his xenophobic thugs).

The Irish Border question has not, and will not, be resolved. We are bound by treaty with Ireland on this, and the Good Friday Agreement put an end to the Trouble (the polite name given to the decades of murder and repression in Northern Ireland). Leaving the EU will abrogate that treaty one way or another; we only have a choice in what element of the treaty we will be breaking. But I suspect most people outside of Northern Ireland don't give a Flying Flamingo for that, and we would happily throw them under a bendy bus were it not for the fact that the Republic of Ireland is part of the EU (remember the song You don't get me I'm part of the union)  and the Union is doing what the Union does, standing up for its members. It's nice when you're a small guy, being part of a union.

So here we are. October 31st, and no Brexit. The rantings of those who promised rivers of blood is we didn't leave by today are revealed to be "Project Fear", not that anyone took them seriously.

What do I want? I want whatever arrangement gets us out of the EU (because the majority voted that way) while minimising the damage done (for example, while remaining in the Single Market and the Customs Union). This means ignoring the ranting of Nigel and Nigel-alikes whining about "Brexit in name only". No, Nigel, we voted to leave the EU, we didn't vote to leave the Single Market and the Customs Union. That's just you and your fan club.

And then we can spend the next decade trying to negotiate terms of trade with the USA, China and the EU that are better than those we had as part of the EU.

And failing.

And eventually, some bright spark will suggest "Wouldn't we be better off if we joined the union?

Now I'm a union man
Amazed at what I am
I say what I think
That the company stinks
Yes I'm a union man.
When we meet in the local hall
I'll be voting with them all
With a hell of a shout
It's out brothers out
And the rise of the factory's fall.
Oh you don't get me I'm part of the union
You don't get me I'm part of the union
You don't get me I'm part of the union
Till the day I die, till the day I die.

Saturday 19 October 2019

Deal or no deal part two

OK, I've done everything I can to prepare for a no-deal Brexit.

So now what do I do to prepare for a Brexit with the Boris deal? Nobody knows.

The Letwin Amendment says that Boris has to ask for an extension. Boris says "Non". Parliament say he has to. The last person who defied a clear order from parliament got decapitated. Perhaps that won't happen to Boris.

So, where are we?

Nobody knows.

Tuesday 15 October 2019

PCI DSS

At last, I have a clean PCI DSS.

There's always been a few non-critical remarks in the test report, but this time around, I got a clean report.

To get rid of the report's uneasiness about the secure server accepting mail, I changed one line in sendmail.mc to

DAEMON_OPTIONS(`Port=smtp, Addr=127.0.0.1, Name=MTA')dnl

What that does, is disallow email from other servers. That's not a real vulnerability, but the PCI DSS report used to mention it. And I don't actually receive email on that sever, so it's no loss to me.

I also added these lines to my startup script.


iptables -I INPUT  -p icmp --icmp-type timestamp-request -j DROP
iptables -I OUTPUT -p icmp --icmp-type timestamp-reply   -j DROP


That stops people from finding out the date and time on my server. I don't see this as a big problem, because it's easy for people to see that my server is in the UK, and it's really easy to find out the time here. But, the PCI DSS report has always reported it as an information leakage. So I've blocked it.

Finally, there was a report that my certificate used SHA-256. It does, but only for the root certificate, and browsers dn't cheack SHA-256, they check the whole certificate. So that isn't a vulnerability at all, it's been a false positive for years, and each time I did a scan, I did a cut-and-paste of my explanation why it's a false positive, and they always accepted it. But now they've fixed their false positive!

That leaves only one thing in the report - that the server is accessible via https. Well yes, it is, because that's my Secure Server, and if all access to it is blockedd, it's as useful as a chololate teapot.